title: "Account overview"
description: "What lives in your BoxWatch account settings and where to find each piece."
last_updated: "2026-05-24"

Account overview

Account settings live at Dashboard → Account. This is where you change your email, manage notification channels, control alerts, set up two-factor auth, and rotate API keys.

What's here

Section          What it controls
Profile          Email address, password
Notifications    Slack and Discord webhooks, generic webhook endpoints
Preferences      Immediate vs. digest mode, digest frequency, monthly report opt-in
Security         Two-factor auth, session management
API keys         Personal API keys for the BoxWatch API
Billing          Plan and payment management via Stripe

Changing your email

Profile → Email. Submit a new address. BoxWatch sends a verification link to the new email. Click it, and the change takes effect.

Until you verify, the old email still receives alerts and stays on the account. Alert email follows the verified address.

Changing your password

Profile → Password. Enter your current password plus the new one (minimum 8 characters). Active sessions stay logged in — no global sign-out on password change. If you want everything else logged out, sign out from the user menu and back in.

Email verification

New accounts must verify their email before some features work. If you didn't get the link or it expired:

curl -X POST https://api.boxwatch.app/auth/resend-verification \
  -H "Authorization: Bearer YOUR_KEY"

Or click Resend verification in the dashboard banner.

Preferences

Preferences → Alert mode controls whether alerts arrive immediately (default) or roll up into a digest. Combined with Digest frequency (none, weekly, monthly, both), it lets you choose between push-style notifications and a periodic summary.

Monthly report is a separate opt-in. When enabled, BoxWatch emails a short monthly digest of your account's overall health — uptime percentages, alert volume, top noisy entities. Disable it from Preferences if you don't want it.

Sessions

BoxWatch uses an HTTP-only cookie (boxwatch_token) with a 30-day expiry. Logging out clears the cookie:

POST /auth/logout
Auth: bearer

There's no session list / revoke-elsewhere flow today. If you suspect a session is compromised, change your password and rotate any active API keys.
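To check the cookie behaviour described above from your own captured response headers, the following added example (not BoxWatch code) audits a Set-Cookie value for boxwatch_token and confirms that a logout response expires it. The Secure and SameSite checks are assumptions beyond what this page states, and the sample headers are constructed.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from http.cookies import SimpleCookie

COOKIE = "boxwatch_token"       # cookie name given in the Sessions section
MAX_AGE_DOC = 30 * 24 * 3600    # the documented 30-day expiry, in seconds

def _morsel(set_cookie):
    jar = SimpleCookie()
    jar.load(set_cookie)
    return jar.get(COOKIE)

def _lifetime(m, now):
    """Seconds until expiry; None if neither Max-Age nor Expires is set."""
    if m["max-age"] != "":
        return int(m["max-age"])            # Max-Age takes precedence
    if m["expires"]:
        return int((parsedate_to_datetime(m["expires"]) - now).total_seconds())
    return None

def audit_login_cookie(set_cookie, now=None):
    """Findings for the Set-Cookie value returned at sign-in."""
    now = now or datetime.now(timezone.utc)
    m = _morsel(set_cookie)
    if m is None:
        return [f"{COOKIE} not present"]
    findings = []
    if not m["httponly"]:                   # documented: HTTP-only
        findings.append("HttpOnly missing")
    if not m["secure"]:                     # assumption: not stated on the page
        findings.append("Secure missing")
    if m["samesite"].lower() not in ("lax", "strict"):   # assumption as well
        findings.append("SameSite not Lax/Strict")
    life = _lifetime(m, now)
    if life is None or life > MAX_AGE_DOC:
        findings.append("lifetime absent or longer than 30 days")
    return findings

def logout_clears_cookie(set_cookie, now=None):
    """True if the logout response expires the cookie immediately."""
    m = _morsel(set_cookie)
    life = _lifetime(m, now or datetime.now(timezone.utc)) if m is not None else None
    return life is not None and life <= 0

# Constructed sample headers, not captured from BoxWatch.
GOOD = "boxwatch_token=constructed; Path=/; Max-Age=2592000; HttpOnly; Secure; SameSite=Lax"
WEAK = "boxwatch_token=constructed; Path=/; Max-Age=7776000"
CLEAR = "boxwatch_token=deleted; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly"
```

Because there is no revoke-elsewhere flow, a passing logout check only shows that this browser dropped the cookie; the password and API key steps above still apply to a suspected compromise.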

Deleting your account

Self-serve account deletion isn't in the dashboard yet. Email [email protected] from the address on the account, and we'll:

  1. Cancel any active Stripe subscription.
  2. Delete your servers, checks, dashboards, status pages, and API keys.
  3. Purge your user row and metric history.

This is irreversible. Export anything you want to keep first.

Data export

Per-feature exports are available where it matters:

  • Server metrics: CSV export from the server detail page.
  • Alert history: API at /alerts/history returns paginated JSON.
  • Cron ping history: visible on each check's detail page (last 100 pings).
  • Uptime check history: CSV export from the check detail page.

A single "export everything" zip isn't built yet — file a request if you need one before deleting.
