All requests to the Secureagentics API must be authenticated using an API key passed as a Bearer token in theDocumentation Index
Fetch the complete documentation index at: https://docs.adrian.secureagentics.ai/llms.txt
Use this file to discover all available pages before exploring further.
Authorization header. You can generate API keys from Settings → API Keys in your dashboard.
Passing your API key
Include the following header on every request:Key scopes
Each API key is issued with one or more scopes that control which operations it can perform. Attempting an operation outside your key’s scope returns a403 Forbidden error.
| Scope | Permissions |
|---|---|
read | Read-only access: list and retrieve agents, events, policies, and logs. |
write | All read permissions plus the ability to create and delete resources. |
admin | All write permissions plus key management and account-level settings. |
You can view and configure the scope of each key from the Settings → API Keys page. Scope cannot be changed after a key is created — generate a new key if you need different permissions.
Authentication errors
| Status | Description |
|---|---|
401 | The Authorization header is missing, the token format is invalid, or the API key does not exist or has been revoked. |
403 | The API key is valid but does not have sufficient scope for the requested operation. |
Best practices
- Use environment variables. Store your API key in an environment variable such as
SECUREAGENTICS_API_KEYrather than hardcoding it in source files. - Rotate keys regularly. Generate new keys on a schedule and revoke old ones promptly. This limits the blast radius if a key is ever exposed.
- Use the minimum required scope. Issue keys with only the scope your integration needs. Avoid using
admin-scoped keys for read-only workloads. - Never commit keys to version control. Add
.envfiles and any file containing credentials to your.gitignore.