STOP WASTING PAID TOKENS. START POOLING ACCOUNTS TODAY. [ GET YOUR VAULT ]

Agent Keys

An agent key is a per-agent token (a PAT — personal access token) you mint to call SpiderGate. Each key carries its own budget, rate limits, allowed-models list, and scopes — so you can give every agent exactly the access it needs and watch its spend in isolation. You manage them on the Keys tab at /dashboard/gate/keys.

Agent keys look like this and are passed as a bearer token:

Authorization: Bearer spideriq_pat_0a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d

Minting a key

Open Keys → Connect an agent, give it a name and limits, and create it. The full secret is shown exactly once — copy it immediately; SpiderGate stores only a hash and can never show it again. If you lose it, revoke the key and mint a new one.

Warning: The spideriq_pat_… secret is displayed only at creation. Store it in your secrets manager before closing the dialog.

Per-token controls

Each agent key has independent controls, all enforced at request time:

::table
Control | What it does | When exceeded
Monthly budget | A USD spend cap that resets monthly. A soft limit warns; a hard limit blocks. | `402` `budget_exceeded`
Rate limit (per minute) | Maximum requests per minute for this token. | `429` `rate_limit_exceeded`
Rate limit (per day) | Maximum requests per day for this token. | `429` `daily_rate_limit_exceeded`
Allowed models | An allow-list of models / aliases the token may request. Empty = all. | `403` `model_not_allowed`
Free models only | Restrict the token to free-tier models. | `403` `model_not_allowed`

Spend is tracked per model on each token, so the dashboard shows not just total cost but which models an agent leans on.

Scopes

A token's scopes decide which SpiderGate capabilities it can use. The gate scopes are:

  • gate:chat — call chat completions and the multi-modal endpoints.

  • gate:models — list models and aliases.

  • gate:usage — read its own usage.

New tokens default to all three (gate:chat, gate:models, gate:usage). Tokens minted for broader SpiderIQ access can also carry job, content, and system scopes — but for pure gateway use, the three gate scopes are what you need.

Lifetime

Agent tokens are minted with a finite expiry — between 1 hour and 90 days, defaulting to 30 days. When a token expires it stops authenticating; mint a fresh one to rotate. You can also revoke a token at any time from the Keys tab, which takes effect immediately.

Two doors, one room

You can manage agent tokens from Gate → Keys or from Settings → Members → Agents — both create and read the same underlying tokens, so the two views never disagree about what exists or what's still alive. Use whichever you're already in.

Viewing an agent's activity

Each agent card has a View Traces action that opens the Traces view filtered to that token — the fastest way to see exactly what one agent has been doing.

Next steps

  1. Send a request with your new token — Quickstart.

  2. Understand the limits in depth — Rate Limits & Budgets.

  3. Watch the agent's requests in Traces.