Documentation Index
Fetch the complete documentation index at: https://docs.run-agent.ai/llms.txt
Use this file to discover all available pages before exploring further.
Overview
All RunAgent API requests require authentication using API keys. This guide covers how to obtain, use, and manage API keys securely.
Obtaining API Keys
Via CLI
# Setup authentication
runagent setup
# View current API key
runagent config show --key api_key
Via Dashboard
- Log in to dashboard.run-agent.ai
- Navigate to API Keys section
- Click “Create New Key”
- Copy and save securely
Using API Keys
Include your API key in the Authorization header:
curl -H "Authorization: Bearer YOUR_API_KEY" \
https://api.run-agent.ai/v1/agents
SDK Authentication
# Python SDK
from runagent import RunAgentClient
client = RunAgentClient(
agent_id="agent-123",
api_key="YOUR_API_KEY"
)
Environment Variable
Set the API key as an environment variable:
export RUNAGENT_API_KEY="YOUR_API_KEY"
API Key Types
Personal Keys
- Tied to your user account
- Full access to your resources
- Should not be shared
Service Keys
- For production applications
- Limited scope and permissions
- Can be revoked independently
Temporary Keys
- Short-lived tokens
- For testing or demos
- Auto-expire after set time
Security Best Practices
Key Storage
Never commit API keys to version control or expose them in client-side code.
# Use environment variables
api_key = os.environ["RUNAGENT_API_KEY"]
# Or configuration files (gitignored)
with open(".secrets/api_key") as f:
api_key = f.read().strip()
# Never hardcode keys
api_key = "sk-abc123..." # WRONG!
Key Rotation
Regularly rotate your API keys:
# Generate new key
runagent keys create --name "production-2024"
# Update your application
export RUNAGENT_API_KEY="new-key"
# Revoke old key
runagent keys revoke "old-key-id"
Scope Limitation
Create keys with minimal required permissions:
# Read-only key
runagent keys create --scope read --name "monitoring"
# Agent-specific key
runagent keys create --agent-id agent-123 --name "agent-specific"
Request Signing
For additional security, enable request signing:
import hmac
import hashlib
import time
def sign_request(method, path, body, secret):
timestamp = str(int(time.time()))
message = f"{method}\n{path}\n{timestamp}\n{body}"
signature = hmac.new(
secret.encode(),
message.encode(),
hashlib.sha256
).hexdigest()
return {
"X-Signature": signature,
"X-Timestamp": timestamp
}
OAuth 2.0 (Coming Soon)
Future support for OAuth 2.0 flow:
# Authorization URL
auth_url = "https://auth.run-agent.ai/oauth/authorize"
params = {
"client_id": "your-client-id",
"redirect_uri": "https://yourapp.com/callback",
"response_type": "code",
"scope": "agents:read agents:write"
}
Rate Limiting
API keys have associated rate limits:
| Tier | Requests/Hour | Burst |
|---|
| Free | 100 | 10 |
| Pro | 1,000 | 100 |
| Enterprise | Custom | Custom |
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 999
X-RateLimit-Reset: 1640995200
IP Whitelisting
Restrict API key usage to specific IPs:
# Add IP to whitelist
runagent keys update <key-id> --add-ip 192.168.1.1
# List whitelisted IPs
runagent keys show <key-id>
Monitoring Key Usage
Via CLI
# View key usage
runagent keys usage <key-id>
# Set usage alerts
runagent keys alert <key-id> --threshold 80
Via API
curl -H "Authorization: Bearer YOUR_API_KEY" \
https://api.run-agent.ai/v1/keys/usage
Error Responses
Invalid Key
{
"error": {
"code": "INVALID_API_KEY",
"message": "The provided API key is invalid",
"status": 401
}
}
Expired Key
{
"error": {
"code": "EXPIRED_API_KEY",
"message": "The API key has expired",
"status": 401
}
}
Rate Limited
{
"error": {
"code": "RATE_LIMITED",
"message": "Too many requests",
"status": 429,
"retry_after": 3600
}
}
Troubleshooting
Key Not Working
- Check key format (should start with
ra_)
- Verify key hasn’t expired
- Ensure proper Authorization header format
- Check IP whitelist settings
- Verify rate limits haven’t been exceeded
Permission Denied
- Check key scope and permissions
- Verify resource ownership
- Ensure key is active
- Check organization settings
See Also
