Agent API Keys

Manage authentication credentials for MCP agents.

Key Format

Agent API keys use the gf-agent- prefix:

gf-agent-abc123xyz789...

This distinguishes them from regular GateFlow API keys (gw_prod_, gw_dev_).

Creating Agent Keys

Via API

bash

curl -X POST https://api.gateflow.ai/v1/mcp/agents \
  -H "Authorization: Bearer gw_prod_admin_key" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Support Bot",
    "permissions": {
      "tools": ["llm/chat", "retrieval/search"],
      "models": ["gpt-5-mini"]
    }
  }'

Response:

json

{
  "agent_id": "agent_abc123",
  "name": "Support Bot",
  "api_key": "gf-agent-xyz789...",
  "mcp_endpoint": "https://mcp.gateflow.ai/agent_abc123",
  "created_at": "2026-02-16T10:00:00Z"
}

WARNING

The API key is only shown once at creation. Store it securely.

Via Dashboard

Navigate to MCP → Agents
Click Create Agent
Configure name and permissions
Copy the generated API key

Key Properties

Property	Description
`agent_id`	Unique agent identifier
`api_key`	Authentication credential
`mcp_endpoint`	Agent's MCP server URL
`permissions`	Granted tool/model access
`status`	active, suspended, revoked

Using Agent Keys

In Python SDK

python

from gateflow_mcp import MCPClient

client = MCPClient(
    agent_id="agent_abc123",
    api_key="gf-agent-xyz789..."
)

In HTTP Headers

bash

curl https://mcp.gateflow.ai/agent_abc123/tools \
  -H "Authorization: Bearer gf-agent-xyz789..."

In LangChain

python

from langchain_mcp import MCPToolkit

toolkit = MCPToolkit(
    server_url="https://mcp.gateflow.ai/agent_abc123",
    api_key="gf-agent-xyz789..."
)

Key Rotation

Rotate Key

bash

curl -X POST https://api.gateflow.ai/v1/mcp/agents/agent_abc123/rotate-key \
  -H "Authorization: Bearer gw_prod_admin_key" \
  -H "Content-Type: application/json" \
  -d '{
    "grace_period_hours": 24
  }'

Response:

json

{
  "agent_id": "agent_abc123",
  "new_api_key": "gf-agent-newkey123...",
  "old_key_expires_at": "2026-02-17T10:00:00Z"
}

Automatic Rotation

Configure automatic rotation:

bash

curl -X PATCH https://api.gateflow.ai/v1/mcp/agents/agent_abc123 \
  -H "Authorization: Bearer gw_prod_admin_key" \
  -H "Content-Type: application/json" \
  -d '{
    "key_rotation": {
      "enabled": true,
      "interval_days": 30,
      "grace_period_hours": 48
    }
  }'

Revoking Keys

Immediate Revocation

bash

curl -X POST https://api.gateflow.ai/v1/mcp/agents/agent_abc123/revoke \
  -H "Authorization: Bearer gw_prod_admin_key"

Response:

json

{
  "agent_id": "agent_abc123",
  "status": "revoked",
  "revoked_at": "2026-02-16T10:00:00Z"
}

Suspend (Temporary)

bash

curl -X POST https://api.gateflow.ai/v1/mcp/agents/agent_abc123/suspend \
  -H "Authorization: Bearer gw_prod_admin_key" \
  -H "Content-Type: application/json" \
  -d '{
    "reason": "maintenance"
  }'

Reactivate

bash

curl -X POST https://api.gateflow.ai/v1/mcp/agents/agent_abc123/activate \
  -H "Authorization: Bearer gw_prod_admin_key"

Key Scoping

Environment-Specific Keys

bash

# Create production agent
curl -X POST https://api.gateflow.ai/v1/mcp/agents \
  -d '{
    "name": "Support Bot (Prod)",
    "environment": "production",
    "permissions": {...}
  }'

# Create development agent
curl -X POST https://api.gateflow.ai/v1/mcp/agents \
  -d '{
    "name": "Support Bot (Dev)",
    "environment": "development",
    "permissions": {...}
  }'

IP Restrictions

bash

curl -X PATCH https://api.gateflow.ai/v1/mcp/agents/agent_abc123 \
  -H "Authorization: Bearer gw_prod_admin_key" \
  -H "Content-Type: application/json" \
  -d '{
    "allowed_ips": ["203.0.113.0/24", "198.51.100.42"]
  }'

Listing Agent Keys

List All Agents

bash

curl https://api.gateflow.ai/v1/mcp/agents \
  -H "Authorization: Bearer gw_prod_admin_key"

Response:

json

{
  "agents": [
    {
      "agent_id": "agent_abc123",
      "name": "Support Bot",
      "status": "active",
      "created_at": "2026-02-01T10:00:00Z",
      "last_used_at": "2026-02-16T09:45:00Z"
    },
    {
      "agent_id": "agent_def456",
      "name": "Research Agent",
      "status": "active",
      "created_at": "2026-02-10T10:00:00Z",
      "last_used_at": "2026-02-16T08:30:00Z"
    }
  ]
}

Security Best Practices

Never commit keys - Use environment variables
Rotate regularly - Enable automatic rotation
Minimum permissions - Only grant required tools
Monitor usage - Set up alerts for unusual activity
Use IP restrictions - Limit access to known IPs
Separate environments - Different keys for dev/prod

Environment Variables

bash

# Store in environment
export GATEFLOW_AGENT_ID="agent_abc123"
export GATEFLOW_AGENT_KEY="gf-agent-xyz789..."

# Use in code
import os
from gateflow_mcp import MCPClient

client = MCPClient(
    agent_id=os.environ["GATEFLOW_AGENT_ID"],
    api_key=os.environ["GATEFLOW_AGENT_KEY"]
)

Next Steps

Agent Profiles - Configure agent settings
Agent Lifecycle - Manage agent state
Permissions - Permission model

Agent API Keys ​

Key Format ​

Creating Agent Keys ​

Via API ​

Via Dashboard ​

Key Properties ​

Using Agent Keys ​

In Python SDK ​

In HTTP Headers ​

In LangChain ​

Key Rotation ​

Rotate Key ​

Automatic Rotation ​

Revoking Keys ​

Immediate Revocation ​

Suspend (Temporary) ​

Reactivate ​

Key Scoping ​

Environment-Specific Keys ​

IP Restrictions ​

Listing Agent Keys ​

List All Agents ​

Security Best Practices ​

Environment Variables ​

Next Steps ​

Agent API Keys

Key Format

Creating Agent Keys

Via API

Via Dashboard

Key Properties

Using Agent Keys

In Python SDK

In HTTP Headers

In LangChain

Key Rotation

Rotate Key

Automatic Rotation

Revoking Keys

Immediate Revocation

Suspend (Temporary)

Reactivate

Key Scoping

Environment-Specific Keys

IP Restrictions

Listing Agent Keys

List All Agents

Security Best Practices

Environment Variables

Next Steps