/mcp, interfaces (A2A, AG-UI), and WebSockets. The layer runs in one of three authentication modes:
JWT configuration takes precedence over the security key. Service account tokens authenticate in all three modes.
Authorization (JWT)
AgentOS validates JWT tokens and checks scopes against required permissions for each endpoint. Enable it withauthorization=True:
401 Unauthorized; requests with insufficient scopes return 403 Forbidden.
See Authorization for the full setup.
Service Accounts (Machine Tokens)
Machine callers such as coding agents, chat apps, and CI pipelines authenticate with opaqueagno_pat_... tokens instead of JWTs. Tokens are minted through the API or agno tokens create, carry their own scopes, and attribute every run to an sa:<name> principal:
security_key and none.
See Service Accounts for minting, scoping, and revocation.
Security Key
Set a shared secret in theOS_SECURITY_KEY environment variable:
Authorization: Bearer <key> header return 401 Unauthorized. This is the simplest path to a protected AgentOS, suitable for local development or single-team prototypes. A valid key is a trusted root: it passes every endpoint and can mint service account tokens.
For production deployments, use Authorization instead.
Next Steps
Authorization
JWT validation, scopes, roles, and per-user data isolation.
Service Accounts
Mint, scope, and revoke opaque machine tokens.
JWT Middleware
Token sources, claim extraction, and parameter injection.
Scopes
The full permission reference for every AgentOS endpoint.