API Keys
Start with AI Platform Setup if you are connecting for the first time. Setup is the recommended release-day flow for verifying auth, confirming your organizationId, and provisioning a scoped runtime key when your org permissions allow it.
API keys are org-scoped Bearer tokens used on public routes marked api_key_or_access_token.
Public usage
Send:
Authorization: Bearer <apiKey>
Public routes then enforce:
- org match
- per-route scope
- route auth mode
Common public scope examples:
GET /api/agents/:id->agents:readGET /api/agent-runs/:id->runs:read- skill read routes ->
skills:read - skill write routes ->
skills:write - evaluation run ->
evaluations:write
Setup currently creates the runtime_default preset with agents:read, runs:read, and runs:write.
Management boundary
The shipped product uses /api/settings/api-keys* for setup and admin flows. Those routes require org settings permissions and are not part of the public route reference.
Use setup or your org admin flow to provision and rotate keys rather than treating key-management routes as the documented public integration surface.