The Agent Sentinel platform uses two authentication methods:
- API keys - For SDK integration (recommended)
- JWT tokens - For web console access (automatic via Clerk)
Both are passed as HTTP headers:
Authorization: Bearer <token>
API keys (for SDK)
API keys are long-lived credentials for authenticating SDK requests to the platform.
Generate an API key
Via web console (recommended):
- Log in to console.agentsentinel.dev
- Navigate to Settings → API Keys
- Click Generate New Key
- Copy the key immediately (shown only once)
- Store it securely (password manager, secrets vault)
Via API:
curl -X POST "https://platform.agentsentinel.dev/api/v1/api-keys/" \
-H "Authorization: Bearer YOUR_JWT_TOKEN" \
-H "Content-Type: application/json" \
-d '{"name":"production-agent"}'
Response:
{
  "id": "key_abc123",
  "key": "as_a1b2c3d4e5f6...",
  "key_prefix": "as_a1b2c3",
  "name": "production-agent",
  "created_at": "2024-12-28T10:00:00Z"
}
The full API key value (as_...) is only shown once at creation time. Copy and store it immediately - you cannot retrieve it later.
Use an API key in SDK
from agent_sentinel import enable_remote_sync

enable_remote_sync(
    platform_url="https://platform.agentsentinel.dev",
    api_token="as_your_api_key_here",  # Use your API key
    run_id="run-001"
)
Manage API keys
List your keys:
curl "https://platform.agentsentinel.dev/api/v1/api-keys/" \
-H "Authorization: Bearer YOUR_JWT_TOKEN"
Revoke a key:
curl -X DELETE "https://platform.agentsentinel.dev/api/v1/api-keys/{key_id}" \
-H "Authorization: Bearer YOUR_JWT_TOKEN"
JWT tokens (for web console)
JWT tokens are automatically managed by the web console via Clerk authentication. You don’t need to handle these manually for SDK usage.
When you need a JWT
JWTs are required for:
- Accessing the web console
- Making API calls from the browser
- Programmatic API access (e.g., scripts, CI/CD)
Get a JWT token
Via web console:
JWTs are automatically included in all web console requests - no action needed.
Programmatic access:
If you need a JWT for API scripts, use Clerk’s session tokens:
- Log in to the web console
- Open browser DevTools → Console
- Run:
await window.Clerk.session.getToken()
- Copy the token (valid for 1 hour)
JWT expiration
- Web console: Tokens auto-refresh - you stay logged in
- Programmatic: Tokens expire after 1 hour - regenerate as needed
Best practices
Use API keys for agents: API keys are long-lived and designed for server-side usage. JWTs expire and are meant for user sessions.
Rotate keys regularly: Generate new API keys every 90 days and delete old ones.
Never commit keys to git: Use environment variables or secrets management (AWS Secrets Manager, HashiCorp Vault, etc.).
Use separate keys per environment: Different API keys for dev, staging, and production.
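An added example (not from the Agent Sentinel SDK or its documentation) that applies two of these practices: it reads the key from an environment variable rather than source code, and flags keys older than the 90-day rotation interval. The variable name AGENT_SENTINEL_API_KEY, the helper names, and the assumption that the list endpoint returns records with the same fields as the creation response are illustrative; the sample records are constructed.

```python
import os
from datetime import datetime, timezone

ROTATION_DAYS = 90  # rotation interval recommended on this page
KEY_PREFIX = "as_"  # API key prefix shown on this page


def auth_headers(env_var="AGENT_SENTINEL_API_KEY", environ=os.environ):
    """Build the Authorization header from an env var (the name is an assumption)."""
    key = environ.get(env_var, "").strip()
    if not key:
        raise RuntimeError(f"{env_var} is not set")
    if not key.startswith(KEY_PREFIX):
        # Never echo the value itself: it may be a truncated key or a pasted JWT.
        raise RuntimeError(f"{env_var} does not start with {KEY_PREFIX!r}")
    return {"Authorization": f"Bearer {key}"}


def keys_due_for_rotation(records, now=None, max_age_days=ROTATION_DAYS):
    """Return (id, name, age_days) for keys older than max_age_days, oldest first."""
    now = now or datetime.now(timezone.utc)
    due = []
    for rec in records:
        # Normalise the trailing "Z" so older Python versions parse the timestamp.
        created = datetime.fromisoformat(rec["created_at"].replace("Z", "+00:00"))
        age_days = (now - created).days
        if age_days > max_age_days:
            due.append((rec["id"], rec["name"], age_days))
    return sorted(due, key=lambda item: item[2], reverse=True)


# Constructed sample records. Field names follow the key-creation response above;
# that the list endpoint returns a JSON array of such objects is an assumption.
SAMPLE_KEYS = [
    {"id": "key_abc123", "key_prefix": "as_a1b2c3", "name": "production-agent",
     "created_at": "2024-12-28T10:00:00Z"},
    {"id": "key_def456", "key_prefix": "as_d4e5f6", "name": "staging-agent",
     "created_at": "2025-03-01T09:30:00Z"},
    {"id": "key_ghi789", "key_prefix": "as_0f9e8d", "name": "dev-agent",
     "created_at": "2025-04-10T12:00:00Z"},
]

if __name__ == "__main__":
    as_of = datetime(2025, 4, 15, tzinfo=timezone.utc)  # fixed date for a stable demo
    for key_id, name, age in keys_due_for_rotation(SAMPLE_KEYS, now=as_of):
        print(f"rotate {key_id} ({name}): {age} days old")
```

Only the key id, name and age are reported; the full key value is never logged.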
Troubleshooting
“401 Unauthorized”
- Verify the API key is correct (starts with as_)
- Check the key is still active (not revoked)
- Ensure you’re using the Authorization: Bearer <key> header
“API key not working after creation”
- Keys may take up to 30 seconds to propagate
- Verify you copied the full key, including the as_ prefix
- Test with a simple API call to verify
See also
- Quickstart - Get your first API key and connect to the platform
- Settings - Manage API keys in the web console