API Key
Every request to detection and management endpoints requires an API key. Canary accepts three header formats, checked in this order:| Header | Format | Notes |
|---|---|---|
Ocp-Apim-Subscription-Key | cnry_live_xxx | Azure-compatible header name |
X-Canary-Key | cnry_live_xxx | Canary native header |
Authorization | Bearer cnry_live_xxx | Standard Bearer token |
azure-ai-anomalydetector) and .NET SDK (Azure.AI.AnomalyDetector) send the Ocp-Apim-Subscription-Key header automatically when constructed with AzureKeyCredential. Canary keys pass SDK validation because the SDK only checks that the key is a non-empty string.
Key Types
| Key Type | Prefix | Use Case |
|---|---|---|
| Live | cnry_live_ | Production API calls |
| Test | cnry_test_ | Development and testing (no billing) |
Key Scope
API keys are scoped to an organization. All baselines, usage records, and machine data are isolated by organization ID.JWT Authentication
Dashboard-authenticated users can also use Clerk JWT tokens:AWS Marketplace Bridge
Customers who subscribe to Canary Edge through AWS Marketplace authenticate with the same API key headers described above. The difference is how the account is provisioned and how usage is billed.Registration Flow
When a customer subscribes via AWS Marketplace, AWS redirects them to the Canary Edge landing page with anx-amzn-marketplace-token query parameter. Canary resolves this token to an AWS customer identifier and provisions an organization and API key automatically.
Billing Dimensions
AWS Marketplace usage is metered across three dimensions:| Dimension | Unit | Description |
|---|---|---|
batch_api_calls | API calls | Calls to entire/detect and changepoint/detect |
stream_api_calls | API calls | Calls to last/detect |
monitored_machines | Machines | Active machines with baselines |