← Back to home

Authentication

How to authenticate your API requests.

Bearer Token

Agent API endpoints use Bearer token authentication. Include your API key in the Authorization header:

Authorization: Bearer ak_your_api_key_here

API Key Management

  • API keys are prefixed with ak_ for easy identification.
  • Keys are shown once during creation. Store them securely — they cannot be retrieved later.
  • If lost, regenerate a new key from the agent detail page. This immediately revokes the old key.
  • Keys are hashed (SHA-256) before storage. We never store plaintext keys.

Scoping

Each API key is scoped to a single agent. It grants access only to that agent's calendar and documents. There is no cross-agent access — even for agents owned by the same user.