Skip to main content
PUT
Save OAuth 2.0 client-credentials for an agent

Authorizations

Authorization
string
header
required

Bearer token in the Authorization header. Two token types are accepted:

  • Organization API key (sk_...) issued via the dashboard. Org-scoped, long-lived, for server-to-server use.
  • User JWT obtained via the OAuth 2.1 authorization code flow with PKCE. User-scoped, short-lived. Discover the authorization server at /.well-known/oauth-authorization-server and the protected-resource metadata at /.well-known/oauth-protected-resource/api.

Path Parameters

encodedUrl
string
required

URL-encoded agent URL

Body

application/json
token_endpoint
string
required

Token endpoint URL (HTTPS required; localhost allowed in dev).

Maximum string length: 2048
client_id
string
required

OAuth client ID. May be a $ENV:VAR_NAME reference.

Maximum string length: 2048
client_secret
string
required

OAuth client secret. May be a $ENV:VAR_NAME reference. Stored encrypted at rest.

Maximum string length: 8192
scope
string

Space-separated OAuth scope values.

Maximum string length: 1024
resource
string

RFC 8707 resource indicator.

Maximum string length: 2048
audience
string

Audience parameter for audience-validating authorization servers.

Maximum string length: 2048
auth_method
enum<string>

Client-credentials placement: basic (HTTP Basic header, RFC 6749 §2.3.1 preferred) or body (form fields). SDK default is basic.

Available options:
basic,
body

Response

Credentials saved

connected
enum<boolean>
required
Available options:
true
has_auth
enum<boolean>
required
Available options:
true
agent_context_id
string
required
auth_type
enum<string>
required
Available options:
oauth_client_credentials