Keys And Credentials
- user access tokens are Bearer tokens issued by your auth provider
- API keys are Bearer tokens used on routes that allow
api_key_or_access_token - the shipped presets are
runtime_default,runtime_execution, andauthoring_ci runtime_defaultis for setup verification plus stable agent/run readsruntime_executionis for trusted backend public skill execution, generated-image jobs, and run inspectionauthoring_ciis expiry-required for stateless CI/apply authoring flows- key issuance and rotation flows exist in setup/admin surfaces, but the underlying management routes are outside the current public route docs boundary
Never log raw tokens. Rotate on compromise.