OAuth providers

Sentry

Set up Sentry OAuth for error monitoring and project management

Overview

Connect your users to Sentry for error monitoring, performance tracking, and project management.

Property	Value
Provider ID	`sentry`
PKCE	Supported
Token refresh	Automatic (refresh token reused)
Access token lifetime	30 days
Redirect URI	Shown in Developer Portal

Step 1: Create a Sentry OAuth Application

Go to Sentry API Applications

Navigate to sentry.io and go to Settings > Account > API > Applications, or go directly to sentry.io/settings/account/api/applications/.

Create a new application

Click Create New Application and select Confidential as the application type.

Fill in:

Name: The application name (e.g., “My App”)
Redirect URIs: Copy the Redirect URI from the Developer Portal

Configure scopes

Select the required scopes for the application. See Available Scopes below.

Get credentials

After saving:

Client ID: Displayed on the application page
Client Secret: Displayed on the application page

Copy both values.

Step 2: Add to Alter Vault

Open the Developer Portal

Go to portal.alterauth.com and navigate to the application.

Add Sentry provider

Go to OAuth Providers > Add Provider > Sentry.

Enter credentials

Client ID: Paste your Sentry Client ID
Client Secret: Paste your Sentry Client Secret

Select scopes

Choose the scopes the application needs.

Save

Click Save. The provider is now active.

Step 3: Test It

After a user connects via Alter Connect, use the returned grant_id to make API calls:

from alter_sdk import App, HttpMethod

async with App(
    api_key="alter_key_...",
    caller="my-agent",
) as alter_app:
    response = await alter_app.request(
        HttpMethod.GET,
        "https://sentry.io/api/0/organizations/",
        grant_id=grant_id,
    )
    orgs = response.json()
    for org in orgs:
        print(f"{org['name']} ({org['slug']})")

Available Scopes

Sentry scopes follow a hierarchy: admin > write > read. Requesting a higher level automatically includes lower levels.

Organization

Scope	Description
`org:read`	Read organization data
`org:write`	Modify organization information
`org:admin`	Full organization control including deletion

Project

Scope	Description
`project:read`	View project details
`project:write`	Create or modify projects
`project:admin`	Full project management including deletion
`project:releases`	Manage project and organization releases

Team

Scope	Description
`team:read`	View team information
`team:write`	Create or modify teams
`team:admin`	Full team management including deletion

Member

Scope	Description
`member:read`	View member details
`member:write`	Add or modify members
`member:admin`	Full member management including deletion

Event

Scope	Description
`event:read`	View issues and events
`event:write`	Modify issues
`event:admin`	Delete issues

Common API Endpoints

Use Case	Method	URL
List organizations	GET	`https://sentry.io/api/0/organizations/`
List projects	GET	`https://sentry.io/api/0/organizations/{org_slug}/projects/`
List issues	GET	`https://sentry.io/api/0/projects/{org_slug}/{project_slug}/issues/`
Get issue details	GET	`https://sentry.io/api/0/issues/{issue_id}/`
List releases	GET	`https://sentry.io/api/0/organizations/{org_slug}/releases/`
Resolve an issue	PUT	`https://sentry.io/api/0/issues/{issue_id}/`

Notes

Access tokens expire after 30 days. Alter Vault automatically refreshes them using the refresh token.
Sentry’s refresh token is reused (same token persists across refreshes), similar to Google’s pattern.
Sentry scope permissions in the application settings must match the scopes requested. If a scope that the application doesn’t have permission for is requested, the authorization will fail.
The default scopes (org:read, project:read, team:read, event:read) provide read-only access, which is sufficient for most monitoring use cases.