Which Routes Support Which Auth
This page covers the allowlisted public surface only.
| Route or family | Auth mode | User permission | API-key scope |
|---|---|---|---|
GET /api/agents, GET /api/agents/:id, GET /api/agents/:id/versions/:versionId/diff | api_key_or_access_token | ai.use | agents:read |
POST /api/agents, PATCH /api/agents/:id, POST /api/agents/:id/versions, POST /api/agents/:id/publish, PUT /api/agent-versions/:id/workflow, POST /api/agent-versions/:id/workflow/validate, POST /api/agents/:id/versions/:versionId/rollback | api_key_or_access_token | ai.use | agents:write |
POST /api/agents/:id/run | access_token_only | ai.use | not supported |
GET /api/agent-runs/compare, GET /api/agent-runs/:id, POST /api/agent-runs/:id/load-inputs | api_key_or_access_token | ai.use | runs:read |
POST /api/agent-runs/:id/rerun-from-step | access_token_only | ai.use | not supported |
POST /api/setup/verify | api_key_or_access_token | ai.use | runs:read |
GET /api/skills, GET /api/skills/:id, POST /api/skills/:id/preview, GET /api/skills/:id/versions/:versionId/diff | api_key_or_access_token | ai.use | skills:read |
POST /api/skills, PATCH /api/skills/:id, POST /api/skills/:id/versions, POST /api/skills/:id/publish | api_key_or_access_token | ai.use | skills:write |
POST /api/skills/:id/run | access_token_only | ai.use | not supported |
GET /api/tools, GET /api/tools/:id, GET /api/tools/:id/versions/:versionId/diff | api_key_or_access_token | ai.use | tools:read |
POST /api/tools, PATCH /api/tools/:id, POST /api/tools/:id/versions | api_key_or_access_token | ai.use | tools:write |
GET /api/skills/:id/evaluation-cases, GET /api/skills/:id/evaluations/:evaluationRunId | api_key_or_access_token | ai.use | evaluations:read |
POST /api/skills/:id/evaluation-cases, POST /api/skills/:id/evaluations/run | api_key_or_access_token | ai.use | evaluations:write |
Anything not listed above should be treated as non-public or legacy unless the boundary page says otherwise.