Manage your ThreatWinds account efficiently by monitoring your billing usage, tracking resource quotas, and securing your integrations with API keys. This guide covers the essential tools available for platform administration and oversight.
Billing and Quotas
ThreatWinds provides granular visibility into your account's billing tier, financial limits, and resource quotas. Understanding these metrics helps you scale your operations smoothly.
Available Metrics
You can retrieve various billing and usage metrics using the ThreatWinds API.
| Metric | Endpoint | Description |
|---|---|---|
| Billing Tier | GET /billing/v1/customer/tier | Your current subscription level and associated benefits. |
| Billing Limits | GET /billing/v1/limits | The maximum financial or overarching limits applied to your account. |
| Billing Usage | GET /billing/v1/limits/usage | Your current real-time billing usage against your limits. |
| Quotas | GET /billing/v1/quotas | Specific resource caps (e.g., maximum compute instances). |
| Quota Usage | GET /billing/v1/quotas/usage | How much of your specific resource quotas you have consumed. |
We recommend checking your Quota Usage regularly if you frequently create and destroy compute instances. This ensures you always have headroom for new automated tasks.
Managing API Keys
To interact with your agent instances programmatically, you must authorize API keys. Keys are managed at the instance level, allowing you to grant or revoke access seamlessly.
flowchart LR
A[Generate Keypair] --> B[Add to Instance]
B --> C{Active Key}
C -->|Authenticate| D[Make API Requests]
C -->|Revoke| E[Remove Key]Authorizing a New API Key
When you generate a new API keypair, you need to authorize it for your specific instance.
- 1
Prepare your credentials
Ensure you have your new
api_keyandapi_secretready. You may also want to decide on a recognizablelabel(like "CI/CD Pipeline" or "Developer Laptop") to easily identify the key later. - 2
Submit the authorization request
Make a
POSTrequest to the keys endpoint, providing your credentials in the JSON body.curl -X POST https://api.threatwinds.com/v1/keys -H "Content-Type: application/json" -d '{ "api_key": "your_api_key_here", "api_secret": "your_api_secret_here", "label": "Production Agent Key" }' - 3
Verify the key was added
List your authorized keys to ensure the new key appears with the correct label.
Never commit your api_secret to source control. Once authorized, the secret cannot be retrieved again from the platform. Always use environment variables or a secure secrets manager.
Listing and Revoking Keys
It is a security best practice to periodically audit your authorized keys and remove any that are no longer in use.
List Keys: Send a
GETrequest to/v1/keysto view all currently authorized API keys for your instance.Remove a Key: Send a
DELETErequest to/v1/keys/{key_id}to immediately revoke access for that specific key.
Account Verification
Some advanced compute features and higher billing limits require a verified ThreatWinds account. You can check your current verification status at any time:
curl -X GET https://api.threatwinds.com/auth/v2/verify/statusIf your account is pending verification, certain quota increases may be temporarily restricted.
Frequently Asked Questions
What is the difference between Limits and Quotas?
Limits generally refer to your account's overarching financial or API rate limits based on your billing tier. Quotas refer to the maximum number of specific resources you can provision, such as the number of active compute instances or custom task sessions.
How do I find out who owns my instance?
You can retrieve the owner information for your current agent instance by making a GET request to /v1/instance/owner. This is helpful for auditing and support requests.
What happens if I exceed my quota?
If you attempt to create a new resource (like a compute instance) that exceeds your quota, the API will return a 429 Too Many Requests or 403 Forbidden error. You will need to either delete unused resources or upgrade your billing tier.
