Agent fields
| Field | Description |
|---|---|
id | UUID, auto-generated. Passed as X-OTAS-AGENT-ID where required. |
name | Human-readable label for this agent. |
description | Optional description of what the agent does. |
provider | The AI provider powering this agent, e.g., "Anthropic", "OpenAI", "Google". |
project | The project this agent belongs to. An agent can only belong to one project. |
created_by | The user who created the agent. Must be a project Admin. |
is_active | Whether the agent is currently active. |
Creating an agent
Only project Admins can create agents. A single API call creates both the Agent record and an initial AgentKey, so you have a working key immediately.agent object and the agent_key object—including the full key value, which is shown only once.
Agent keys
An AgentKey is a credential issued to a specific agent. It is distinct from a Backend SDK Key: while an SDK key authenticates your server-side middleware on behalf of any agent, an agent key authenticates the agent itself. Key format:agent_<prefix>_<secret>
| Field | Description |
|---|---|
id | UUID identifier for the key record. |
prefix | Short identifier used to look up the key without exposing the secret. |
expires_at | Keys expire 30 days after creation. |
revoked_at | Set when a key is explicitly revoked. |
active | false if the key has expired or been revoked. |
Key lifecycle
Key is issued at agent creation
The initial key is returned in the
agent_key.api_key field of the create response. Store it securely—it will not be shown again.Pass the key in API calls
Your agent sends
X-OTAS-AGENT-KEY: agent_<prefix>_<secret> to authenticate when creating sessions or logging events.Rotate the key before expiry
Call
POST /api/agent/v1/agents/key/create/ with { "agent_id": "<uuid>" }. This revokes the current key and issues a fresh one expiring 30 days from now.Agent sessions
An AgentSession scopes a group of events to a single task or run. Every time your agent starts a new task, it should create a session. All events logged during that task are then linked to the session, making it easy to replay or debug the entire interaction.| Field | Description |
|---|---|
id | UUID, auto-generated. Used as the session reference in event logging. |
agent | The agent this session belongs to. |
agent_key | The key used to authenticate the session creation request. |
meta | Arbitrary JSON for run context, e.g., { "user_id": "u_123", "task": "summarize" }. |
Creating a session
jwt_token field. Pass this as X-OTAS-AGENT-SESSION-TOKEN when logging events so OTAS associates them with this session.
End-to-end flow
1. Create agent
Call
POST /api/agent/v1/create/ as a project Admin. Receive the agent UUID and initial AgentKey.2. Store the key
Save
agent_<prefix>_<secret> in your agent’s environment. The plain-text key is never stored by OTAS.3. Create a session
Before each task, call
POST /api/agent/v1/session/create/ with X-OTAS-AGENT-KEY. Receive a session JWT.4. Log events
Send
X-OTAS-AGENT-SESSION-TOKEN with each event so OTAS groups all calls under the correct session.