AgentFlow uses Auth0 for authentication. All API requests must include a valid JWT in the Authorization header.

Getting a Token

Obtain an access token from your Auth0 tenant:
curl -X POST https://YOUR_DOMAIN.auth0.com/oauth/token \
  -H "Content-Type: application/json" \
  -d '{
    "client_id": "YOUR_CLIENT_ID",
    "client_secret": "YOUR_CLIENT_SECRET",
    "audience": "YOUR_API_AUDIENCE",
    "grant_type": "client_credentials"
  }'

Using the Token

Include it in every request:
curl -H "Authorization: Bearer eyJhbG..." http://localhost:8000/agents

Token Contents

The JWT payload includes:
| Claim | Description |
|-------|-------------|
| sub | User ID |
| org_id | Tenant/organization ID |
| permissions | Granted scopes |

AgentFlow extracts tenant_id and user_id from these claims and uses them for multi-tenant isolation.

Development Mode

In ENVIRONMENT=development, authentication can be bypassed for local testing. Set appropriate headers to simulate tenant context.
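
The following is an added example, not AgentFlow's own code: one way a service could derive tenant context from the claims listed under Token Contents while keeping the development bypass unreachable outside ENVIRONMENT=development. It assumes the token's signature, issuer, audience and expiry were already validated by a JWT library; the header names, `resolve_context`, `TenantContext` and `AuthError` are hypothetical.

```python
from dataclasses import dataclass
from typing import Mapping, Optional

# Hypothetical header names for simulating tenant context in development;
# the page does not name the headers AgentFlow actually reads.
DEV_TENANT_HEADER = "x-dev-tenant-id"
DEV_USER_HEADER = "x-dev-user-id"


class AuthError(Exception):
    """Raised when no trustworthy tenant context can be established."""


@dataclass(frozen=True)
class TenantContext:
    tenant_id: str
    user_id: str
    permissions: frozenset
    simulated: bool = False  # True only for development-mode header contexts


def resolve_context(claims: Optional[Mapping], headers: Mapping[str, str],
                    environment: str) -> TenantContext:
    """Build the tenant context for one request.

    `claims` must be the payload of a token whose signature, issuer,
    audience and expiry were already validated; None means no valid token.
    """
    if claims is not None:
        sub, org = claims.get("sub"), claims.get("org_id")
        # Fail closed: a token without both identifiers gets no context.
        if not (isinstance(sub, str) and sub and isinstance(org, str) and org):
            raise AuthError("token lacks sub or org_id")
        perms = claims.get("permissions", [])
        if not isinstance(perms, list):
            raise AuthError("permissions claim is not a list")
        # Tenant comes from the token only; request headers are ignored here.
        return TenantContext(org, sub, frozenset(perms))
    # No token: header simulation is honoured only in development.
    if environment == "development":
        h = {k.lower(): v for k, v in headers.items()}
        tenant, user = h.get(DEV_TENANT_HEADER), h.get(DEV_USER_HEADER)
        if tenant and user:
            return TenantContext(tenant, user, frozenset(), simulated=True)
    raise AuthError("valid bearer token required")
```

A deployment check that ENVIRONMENT is never `development` on a reachable host complements this: the simulated path trusts whatever the client sends.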