Authentication
Secure your API requests with API keys and understand how dashboard access works.
API Key Authentication
Generate API keys from the dashboard at /dashboard/api-keys. API keys are the primary way to authenticate programmatic requests to the AgentBank REST API.
Bearer Token Format
Include your API key in the Authorization header using the Bearer scheme:
Authorization: Bearer agentbank_live_xxxKeys are prefixed with agentbank_live_ for production. Never expose API keys in client-side code or public repositories.
RBAC Roles
API keys are assigned role-based access control (RBAC) roles that determine what operations they can perform:
- adminFull access to all ventures and operations.
- venture_ownerRead and write access to own ventures only.
- operatorCan create and manage payouts for assigned ventures.
- viewerRead-only access; cannot modify data.
Venture Scoping
API keys are scoped to a venture. When you create a key, you associate it with a specific venture. All requests made with that key operate within that venture's context—balances, transfers, and ledger access are limited to that venture.
Session Auth for Dashboard
The AgentBank dashboard uses session-based authentication with Google OAuth. Sign in is handled automatically—when you visit the dashboard, you'll be prompted to authenticate with Google if you're not already signed in. Session cookies persist your login state across page refreshes.