Agent HandlerAccess Keys

Create access key

Creates a new access key. Can be scoped to specific tool packs and registered users. The new key’s scope must be a subset of the parent key (the access key authenticating this request).

Authentication

AuthorizationBearer

Token-based authentication with required prefix “Bearer”

Request

This endpoint expects an object.
namestringOptional<=255 characters

Human-readable label for the key. Auto-generated if omitted.

tool_pack_idslist of strings or nullOptional

Tool packs this key can access. Must be a subset of the parent key’s tool_pack_ids. Pass null for unrestricted access to all tool packs in the organization.

registered_user_idslist of strings or nullOptional

Registered users this key can access. Must be a subset of the parent key’s registered_user_ids. Pass null for unrestricted access to all registered users in the organization.

is_testbooleanOptionalDefaults to false
If true, the key can only authenticate test registered users.
expires_atdatetime or nullOptional

Expiration timestamp. Must be before the parent key’s expires_at. Defaults to 90 days from now if omitted. Pass null explicitly for a key that never expires.

expires_inintegerOptional>=60

Seconds until the key expires. Alternative to expires_at.

Response

idstringRead-onlyformat: "uuid"
keystring or nullRead-only
Raw secret value. Returned only on create or regenerate.
key_maskedstringRead-only
Truncated form of the secret safe to display in UIs.
created_atdatetimeRead-only
namestring<=255 characters

Human-readable label for the key. Auto-generated if omitted.

tool_pack_idslist of strings or null

Tool packs this key can access. Must be a subset of the parent key’s tool_pack_ids. Pass null for unrestricted access to all tool packs in the organization.

registered_user_idslist of strings or null

Registered users this key can access. Must be a subset of the parent key’s registered_user_ids. Pass null for unrestricted access to all registered users in the organization.

is_testbooleanDefaults to false
If true, the key can only authenticate test registered users.
expires_atdatetime or null

Expiration timestamp. Must be before the parent key’s expires_at. Defaults to 90 days from now if omitted. Pass null explicitly for a key that never expires.