Skip to content

Manage Scopes and Keys for API Apps

Agent Platform introduces API scopes in the Settings console, moving from unrestricted management API keys to more secure, scoped API key-based application management.

Users can select specific scopes for managing tools, models, and guardrails. This allows for the creation of internal applications with restricted access to only the necessary API endpoints. By limiting API access, this feature reduces security risks, allowing administrators to generate multiple API keys and ensure secure, controlled access for authorized personnel.

Important Considerations for API Keys

  • Scope-restricted access: API keys grant access exclusively to their assigned scopes.
  • Unauthorized access: Any attempt to access unassigned scopes is automatically rejected.
  • Multiple keys per app: You can generate multiple API keys for a single app.
  • One key per app: An API key cannot be shared across multiple apps.
  • Immutable keys: API keys can be deleted, but cannot be modified after they are created.
  • Copy-once policy: For security reasons, each API key can only be copied once.

Users can rename an app, modify its selected scopes, or delete the app as needed. Once the admin defines or updates the API scopes, the changes are applied platform-wide, ensuring consistent and controlled access to the APIs wherever they are used.

For more information on roles and permissions for API-scoped apps, please refer here.

Use Case: Scoped API Access for Banking Departments

A bank automates tool workflows and integrates various internal systems across different departments, including Risk & Compliance, Customer Support, and Marketing. This requires access to APIs with different scopes.

  • Risk & Compliance Department: This team requires access only to models and tools for generating reports from transaction logs and audit trails. The admin creates a scoped app that grants access to tools and models. This prevents the team from accidentally accessing unrelated customer information available for guardrails.

  • Customer Support Department: Support agents require access to monitoring AI customer interactions, but should not have access to risk and compliance tools or model management. A scoped app ensures support teams stay within their operational boundaries.

By using API-scoped apps and API keys, the bank minimizes the risk of data exposure while maintaining security, ensuring compliance, and strictly regulating access to authorized system users.

Supported API Scopes

The following API scopes are available for this feature.

API Scope Description
Deploy Tool Deploy a specific tool into an environment. It allows the user to control the deployment process either synchronously or asynchronously. Learn more.
Undeploy Tool Undeploy a tool that is deployed in an environment. Learn more.
Deploy Model Deploy an open-source or fine-tuned model in the Ready to Deploy state. Learn more.
Undeploy Model Undeploy a model from the environment. Learn more.
Import Model Import a model in chunks into the Agent Platform environment. Learn more.
Import Tool Import a new tool into the system. Learn more.
Export Model Export a trained AI model from the system. Learn more.
Export Tool Export a tool's configuration and associated data.Learn more.
Deploy Guardrails Deploy predefined guardrails to enhance security, compliance, and content moderation in AI interactions. Learn more.
Undeploy Guardrails Remove the previously deployed guardrails that regulate AI interactions. Learn more.

Access API Scopes

To access this feature, follow the steps below:

  1. Navigate to the Settings Console.
  2. Click Security & Control > API Scopes on the left navigation menu. select api scopes

Implement API Scoping

The key steps to implement API scoping include:

  1. Create an API app and assign scopes: API-scoped apps have limited and specific permissions tied only to the API endpoints they need. Creating an API-scoped app enables you to restrict permissions, enhance security, better control and monitor access, and tailor the app specifically to meet the integration’s needs.
  2. Create one or more API Keys to access the app: API keys for scoped apps provide secure, manageable, and auditable access control tailored to the app’s needs, making access and usage safer and easier to track.

Create an API Application

To create an app, follow the steps below:

  1. Access API Scopes.

  2. Click Create an API App or Create an App. create api app

  3. Click Untitled app and provide the app name. provide app name

  4. Select the required scopes from the list. select scopes

  5. Click Next.

    A success message is displayed, and the following window is displayed. Follow the steps in the next section to complete the process.

    success app creation

Create an API Key

This step is necessary to complete the app creation process. To create an API Key, follow the steps below:

  1. Click Create API Key.

  2. In the Create new API key dialog, provide a name and click Generate Key. generate new api key

  3. Once the key is successfully generated, click Copy and Close to copy the API key. create new api key

A success message is displayed once the key is copied.

Important information on API Keys

For security reasons, the API key is only shown once and is not stored or displayed again. Copy and save it in a secure location for future reference.

What Happens If You Lose It?

You’ll need to revoke the old key and generate a new one. This could disrupt services if the key is in use.

The API key is listed for the app, as shown below. api keys list

  1. Click Done
    2. . The summary on the app displays the following information:
    • Name: The API app name.
    • Scopes: The selected API scopes.
    • Created by: The name of the user who created the app.
    • Created on: The date when the app was created.
      • apps list

Manage API App and Key

You can edit or delete an API app, including its name and scopes. However, you cannot edit an API key; you can only delete it.

Edit App and Delete API Key

To edit an API app, follow the steps below:

  1. Hover over and click the Edit icon for the required app. access edit icon

  2. In the App’s configuration window, do the following:

    • To change the app name, click and modify the title.

    • To change the scopes, click the API Scopes tab and select/unselect the listed scopes. change api config

    • To delete an API key, follow the steps below:

      • Click the API Keys tab.

      • Hover over and click the Delete icon for the required key. access delete icon

      • Click Delete in the confirmation window.

        delete api keys

        Caution

        The key you are deleting will no longer function if it is in use. You must generate a new key.

        The deleted key is removed from the app in the API Keys section and is no longer associated with the app.

  1. Click Save.
    2. A success message is displayed once the app is edited. The changes are updated in the summary page. edit success message

Delete App

To delete an API app, follow the steps below:

  1. Hover over and click the Delete icon for the required app. access delete

  2. Click Delete in the confirmation window.

    delete api app

A success message is displayed, and the app is removed from the list.