Authentication

Secure your API requests with Bearer tokens and manage your API keys.

API Keys

All API requests to AgentContainer are authenticated using Bearer tokens. You create and manage API keys from the Settings page in the dashboard.

Every key is prefixed with ac_live_ so you can easily identify AgentContainer credentials in your environment. Keys are hashed before storage, which means you can only see the full key once at creation time — copy it somewhere safe immediately.

You can give each key a descriptive name for identification, and revoke any key at any time from the Settings page.

Using Your API Key

Include your API key in the Authorization header of every request:

Authenticated Requestbash
curl https://api.agentcontainer.com/api/v1/agents \
  -H "Authorization: Bearer ac_live_xxxxxxxxxxxx"

All endpoints require authentication except GET /api/v1/openapi.yaml, which serves the public OpenAPI specification. See the API Reference for the full list of endpoints.

Error Responses

If a request is missing the Authorization header or contains an invalid key, the API returns a 401 Unauthorized response:

401 Unauthorizedjson
{
  "error": {
    "code": "unauthorized",
    "message": "Invalid or missing API key."
  }
}

Dashboard Authentication

The dashboard uses Clerk for sign-in and sign-up, which is separate from API key authentication. Clerk handles registration, login, and profile management for the web UI.

In short: API keys are for programmatic access to the AgentContainer API, while Clerk auth is for interacting with the dashboard in your browser. You create and manage your API keys through the Clerk-authenticated dashboard.

Security Best Practices

  • Never commit API keys to version control. Add .env to your .gitignore.
  • Store keys in environment variables or a secrets manager, not directly in source code.
  • Rotate keys periodically as a matter of good hygiene.
  • Revoke keys immediately if you suspect they have been compromised.
  • Give each key a descriptive name so you know exactly what it is used for and can revoke the right one when needed.

Ready to get started? Follow the Quickstart to create your first API key and dispatch a task.