Can I create read-only API keys?
We don't have a dedicated read-only API key option for Admins or Members, but you can get the same effect by inviting a Guest user to your team and generating an API token on their account.
Guests can view your monitors and check results but can't add or remove monitors, change billing, or edit team settings. An API token created by a Guest inherits the same restrictions, so it behaves as a read-only key for monitoring data.
Tip: use an email alias for the Guest account, for example name+ohdear@domain.com. That way you don't need a separate mailbox just for automation tokens.
Read-only access for MCP
Connecting Oh Dear to an AI assistant instead? Our MCP Connected Apps have a proper read-only scope built in. When you authorise the app (under Settings > Connected apps), you choose read-only or read-write, and you can limit it to specific monitors or status pages. No Guest-account trick needed there.
If you'd like proper scoped API keys for the REST API too, let us know. Hearing what you need helps us prioritize.