Auth & Keys
Key types
Section titled “Key types”Glasstrace uses three key types, each with a distinct prefix:
| Prefix | How obtained | TTL | Capabilities |
|---|---|---|---|
gt_anon_xxx | Auto-generated by SDK on first run (stored in .glasstrace/anon_key) | Key does not expire. Traces stored under it have a 48-hour TTL. | Trace ingestion, basic MCP tool access (get_latest_error, get_trace return data; get_root_cause returns raw trace with status: "unavailable"). No enrichment, no source maps, no dashboard. |
gt_dev_xxx | Generated via dashboard after signup | No expiry (until revoked) | Full trace ingestion, enrichment, source maps, and all MCP tools. Dashboard access requires a separate session login. |
gt_session_xxx | Rotated per session window | Per-session | Browser extension observation, domain allowlist access. |
Set your key via the GLASSTRACE_API_KEY environment variable:
GLASSTRACE_API_KEY=<your-api-key>Signup flow
Section titled “Signup flow”Glasstrace uses email and password authentication. No OAuth providers.
- Sign up at the dashboard with your email and a password.
- Enter a credit card (Stripe). A 30-day free trial begins immediately.
- After the trial, Pro tier billing starts at $10/month.
There is no free tier with an account. Anonymous mode is the free option. If you have been using anonymous mode, the claim flow (below) links your existing traces to your new account.
Sign up to enable enrichment, source maps, dashboard access, and extended trace retention.
Anonymous mode
Section titled “Anonymous mode”No signup needed. When no GLASSTRACE_API_KEY is set, the SDK generates a gt_anon_xxx key on first run and stores it in .glasstrace/anon_key.
Anonymous mode is fully functional for basic debugging:
- Trace ingestion works. Traces are captured and sent to Glasstrace.
- MCP tools work.
get_latest_errorandget_tracereturn trace data. Your agent can query traces without an account. - Traces expire after 48 hours. Storage TTL is 48 hours — traces are automatically deleted after that window.
Anonymous mode does not include:
- Enrichment (
get_root_causereturns the raw trace withstatus: "unavailable") - Dashboard access
- Source map uploads
- Extended trace retention
Sign up to enable AI-powered root cause analysis, source maps, and extended retention.
Claim flow (anonymous-to-paid upgrade)
Section titled “Claim flow (anonymous-to-paid upgrade)”When you sign up for an account, the claim flow links your existing anonymous traces to your new account. Here is the step-by-step process:
-
You have been using anonymous mode. The SDK auto-generated a
gt_anon_xxxkey stored in.glasstrace/anon_key. -
You sign up for an account (credit card required) and initiate the claim from the dashboard onboarding flow.
-
Copy your anonymous key from
.glasstrace/anon_keyand paste it into the onboarding form. -
The backend verifies your
gt_anon_xxxkey and links your existing anonymous traces to your new account. -
The dashboard confirms the link and reveals your new
gt_dev_xxxkey. The key is only shown after the link succeeds — you cannot update your environment before the link happens. -
Set
GLASSTRACE_API_KEYto your new dev key:.env.local GLASSTRACE_API_KEY=<your-gt_dev_xxx-key> -
On next restart, the SDK uses the dev key.
Grace period: The backend continues accepting traces with your gt_anon_xxx key and attributes them to your linked account for 30 days. The SDK logs a reminder on each startup to update your key. After 30 days, the anonymous key stops working.
Expired traces cannot be claimed. Anonymous traces have a 48-hour storage TTL. Traces older than 48 hours are already deleted and cannot be linked to your account.
No anonymous traces detected? If you have not installed the SDK yet (no anonymous trace arrives within the onboarding timeout), the dashboard directs you to account settings where you can find your gt_dev_xxx key and setup instructions. See Getting Started for installation.
API key management
Section titled “API key management”Find your keys
Section titled “Find your keys”Your gt_dev_xxx API key is available in the dashboard under account settings.
Rotate a key
Section titled “Rotate a key”- Open account settings in the dashboard.
- Generate a new key. The old key enters a 24-hour grace period during which both keys are accepted.
- Update
GLASSTRACE_API_KEYin your.env.localwith the new key. - After 24 hours, the old key stops working.
Revoke a key
Section titled “Revoke a key”Revoke a key immediately from the dashboard account settings. Revocation is instant — the key stops working with no grace period.
Security
Section titled “Security”Your API key is server-side only. Follow these rules:
- Set
GLASSTRACE_API_KEYin.env.local, not in client-side code. - Add
.env.localto your.gitignore. Never commit API keys to version control. - If a key is accidentally exposed, revoke it immediately from the dashboard and generate a new one.
Environment variable
Section titled “Environment variable”The SDK reads its key from the GLASSTRACE_API_KEY environment variable:
GLASSTRACE_API_KEY=<your-api-key>If this variable is not set, the SDK falls back to anonymous mode automatically.
Related pages: Getting Started | Configuration | Troubleshooting