
Authentication

AG2Trust uses two authentication methods depending on how you're accessing the platform.

Dashboard Authentication

The AG2Trust Dashboard uses Firebase Authentication for secure user login.

Supported Login Methods

  • Email/Password: Traditional email and password login
  • Google Sign-In: OAuth 2.0 authentication via Google

Signing In

  1. Go to app.ag2trust.com
  2. Click Sign In
  3. Choose your authentication method
  4. Complete the login flow

Multi-Factor Authentication (Coming Soon)

Enhanced security with MFA will be available in a future release.


API Authentication

The Customer API uses API keys for authentication. All API requests must include a valid API key.

API Key Format

API keys follow this format:

cust_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

  • Prefix: cust_
  • Length: 32+ characters
  • Character set: URL-safe base64

Generating API Keys

  1. Log in to the Dashboard
  2. Navigate to Settings > API Keys
  3. Click Generate API Key
  4. Give your key a descriptive name (e.g., "Production", "Development")
  5. Copy and securely store the key

One-Time Display

API keys are displayed only once at creation. We store only a secure hash - we cannot recover your key if lost. Generate a new key if needed.

Using API Keys

Include your API key in the X-API-Key header:

cURL:

# Replace {id} with the ID of the target agent
curl -X POST https://agents.ag2trust.com/api/v1/agents/{id}/messages \
  -H "X-API-Key: cust_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{"message": "Hello"}'

Python:

import requests

# Replace {id} with the ID of the target agent
response = requests.post(
    "https://agents.ag2trust.com/api/v1/agents/{id}/messages",
    headers={
        "X-API-Key": "cust_your_api_key_here",
        "Content-Type": "application/json"
    },
    json={"message": "Hello"},
    timeout=10  # requests has no default timeout
)

JavaScript:

// Run this server-side (e.g. Node.js); never embed the key in browser code
// Replace {id} with the ID of the target agent
const response = await fetch(
  'https://agents.ag2trust.com/api/v1/agents/{id}/messages',
  {
    method: 'POST',
    headers: {
      'X-API-Key': 'cust_your_api_key_here',
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({ message: 'Hello' })
  }
);

Managing API Keys

Multiple Keys

You can create multiple API keys for different purposes:

| Key Name    | Use Case                      |
|-------------|-------------------------------|
| Production  | Live application traffic      |
| Development | Local development and testing |
| CI/CD       | Automated testing pipelines   |

Revoking Keys

To revoke an API key:

  1. Navigate to Settings > API Keys
  2. Find the key to revoke
  3. Click the Revoke button
  4. Confirm the action

Immediate Effect

Revoked keys stop working immediately. Ensure you've updated any systems using the key before revoking.

Security Best Practices

  1. Never expose keys in client-side code - API keys should only be used server-side
  2. Use environment variables - Don't hardcode keys in source code
  3. Rotate keys regularly - Generate new keys periodically
  4. Use separate keys per environment - Different keys for dev/staging/production
  5. Monitor usage - Review API usage in the Dashboard for anomalies

Shell:

# Good: Environment variable
export AG2TRUST_API_KEY="cust_your_api_key_here"

Python:

# In code
import os
api_key = os.environ["AG2TRUST_API_KEY"]
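
One way to enforce practice 2 above is to scan source files for strings that match the documented key format before they are committed. This is an added example, not AG2Trust code: it assumes "32+ characters" counts the part after the cust_ prefix, and the function names, the placeholder heuristic and the sample key are constructed for illustration.

```python
import re

# Assumption: "32+ characters" counts the part after the cust_ prefix,
# as in the page's cust_xxxx... sample (32 x's). Charset is URL-safe base64.
KEY_RE = re.compile(r"(?<![A-Za-z0-9_-])cust_[A-Za-z0-9_-]{32,}")


def looks_like_placeholder(key: str) -> bool:
    """Doc samples such as cust_xxxx... reuse very few distinct characters.

    The threshold of 8 is a heuristic chosen for this example.
    """
    return len(set(key[len("cust_"):])) < 8


def redact(key: str) -> str:
    """Keep only the last four characters so reports never repeat the secret."""
    return f"cust_...{key[-4:]}"


def scan_text(text: str, filename: str = "<memory>") -> list[tuple[str, int, str]]:
    """Return (filename, line number, redacted key) for each hardcoded key."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in KEY_RE.finditer(line):
            key = match.group(0)
            if not looks_like_placeholder(key):
                findings.append((filename, lineno, redact(key)))
    return findings


# Constructed sample input: the key on the "legacy" line is made up.
SAMPLE = '''\
import os
api_key = os.environ["AG2TRUST_API_KEY"]
headers = {"X-API-Key": "cust_your_api_key_here"}
legacy = "cust_Zk3vQ9aLmT7xR2pWc8YdHn4sBfJ6uEgVoK1i"
doc = "cust_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
'''

if __name__ == "__main__":
    for fname, lineno, shown in scan_text(SAMPLE, "app.py"):
        print(f"{fname}:{lineno}: hardcoded AG2Trust API key {shown}")
```

Run it from a pre-commit hook or CI job over changed files and fail the build on any finding; a key that reaches a commit should be revoked and regenerated, not just deleted from the file.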

User Roles & Permissions

AG2Trust uses role-based access control (RBAC) within organizations.

Roles

| Role   | Description                | Key Permissions                  |
|--------|----------------------------|----------------------------------|
| Owner  | Organization owner         | Full access, billing, delete org |
| Admin  | Organization administrator | Full access except billing       |
| Member | Team member                | CRUD agents/teams/workflows      |
| Viewer | Read-only access           | View only, no modifications      |

Permission Matrix

Action Owner Admin Member Viewer
View agents/teams
Create/edit agents
Manage users
Manage API keys
Billing & subscription
Delete organization

Inviting Users

  1. Navigate to Users in the sidebar
  2. Click Invite User
  3. Enter their email address
  4. Select a role
  5. Click Send Invitation

The invited user will receive an email with instructions to join your organization.


API Endpoints

| Endpoint                     | Auth Method  | Description  |
|------------------------------|--------------|--------------|
| app.ag2trust.com/*           | Firebase JWT | Dashboard UI |
| agents.ag2trust.com/api/v1/* | API Key      | Customer API |
