Documentation Index
Fetch the complete documentation index at: https://mintlify.com/omnigent-ai/omnigent/llms.txt
Use this file to discover all available pages before exploring further.
All Omnigent API requests require a Bearer token in the Authorization header — unless the server is running with authentication disabled (local no-auth mode). The server validates the token on every request and returns 401 Unauthorized when it is missing or invalid. Tokens are JWTs signed by the server’s configured auth provider.
Obtaining a Token
The easiest way to get a token is via the Omnigent CLI:
omnigent login <server_url>
omnigent login https://omnigent.example.com
Using the Token in HTTP Requests
Pass the token in the Authorization header as a Bearer token:
curl -H "Authorization: Bearer <token>" \
http://localhost:6767/v1/sessions
curl -X POST http://localhost:6767/v1/sessions \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json" \
-d '{"agent_id": "ag_abc123"}'
Using the Token in the Python SDK
Pass the token as a header when constructing OmnigentClient:
from omnigent_client import OmnigentClient
async with OmnigentClient(
base_url="http://localhost:6767",
headers={"Authorization": "Bearer eyJhbGciOiJIUzI1NiIs..."},
) as client:
sessions = await client.sessions.list()
httpx.Auth instance for flows that need dynamic token refresh (e.g. OAuth 2.0 client credentials):
import httpx
from omnigent_client import OmnigentClient
class BearerAuth(httpx.Auth):
def __init__(self, token: str) -> None:
self._token = token
def auth_flow(self, request):
request.headers["Authorization"] = f"Bearer {self._token}"
yield request
async with OmnigentClient(
base_url="http://localhost:6767",
auth=BearerAuth("eyJhbGciOiJIUzI1NiIs..."),
) as client:
...
omnigent login, the CLI stores the token in a local credentials file. The CLI-launched runner reads this file automatically, so you do not need to pass the token explicitly for local development.
Auth Modes
Omnigent supports three authentication backends, configured at server startup:
| Mode | Description |
|---|
| Built-in accounts | Username and password stored in the Omnigent database. Users register via the web UI or CLI. Tokens are JWTs signed with the server’s secret. |
| OIDC (SSO) | Delegate authentication to an external identity provider (Google, Okta, GitHub, etc.) via OpenID Connect. The server validates the provider’s ID token. |
| Header proxy | A reverse proxy (nginx, Caddy, Cloudflare Access) injects an authenticated user header. The server reads the header and trusts it without verifying a token. |
/v1/info endpoint:
curl http://localhost:6767/v1/info
No-Auth Mode
Local Omnigent servers started without the OMNIGENT_AUTH_ENABLED environment variable skip token validation entirely. Every request is accepted as the local user:
# No Authorization header needed in no-auth mode
curl http://localhost:6767/v1/sessions
Never expose a no-auth Omnigent server on a public network or shared environment. Any caller can read and modify all sessions, policies, and resources without restriction. Always set OMNIGENT_AUTH_ENABLED=true when the server is reachable from outside your local machine.
import base64, json
token = "eyJhbGciOiJIUzI1NiIs..."
payload_b64 = token.split(".")[1] + "==" # add padding
payload = json.loads(base64.urlsafe_b64decode(payload_b64))
print(payload)
# {"sub": "alice@example.com", "exp": 1767225600, ...}
omnigent login to refresh an expired token.
