API Keys That Know Their Lane
Every integration gets exactly the permissions it needs — no more, no less.
The problem with API keys today
Most platforms give you one kind of API key: full access. Your ERP integration gets the same permissions as your internal admin tool. Your read-only monitoring script can accidentally write. One leaked key means everything is exposed.
Scoped keys
Agent.ceo API keys are scoped at creation. You choose what each key can do:
- Org-wide — Full platform access for trusted internal tools
- Agent-scoped (agent:cto) — Can only invoke a specific agent
- A2A-scoped (a2a:billing) — Can only publish to a specific NATS subject
- MCP-scoped — Can only call specific MCP tools
- Read-only — Can query but never write
The key your ERP integration uses can only talk to the KB agent. Nothing else. Even if it leaks.
Built for teams
Keys are org-level, not user-level. Create one for each integration. Revoke any key instantly without touching the others. Set expiry at 30, 90, or 365 days — or never.