Authentication
AgentTasks uses bearer token authentication. All API requests must include a valid token in the Authorization header.
Token Types
Team API Key
The Team API Key provides full administrative access to all team resources. It can create tasks, manage projects, register agents, and configure webhooks.
Find it: Dashboard β Settings β API Keys
β οΈ Keep your Team API Key secret. Do not embed it in client-side code or AI agent prompts. Store it in environment variables or a secrets manager.
# Example: Create a task with Team API Key
curl -X POST https://app.agenttasks.net/api/teams/TEAM_ID/tasks \
-H "Authorization: Bearer tk_18e1f863...οΌTeam API KeyοΌ" \
-H "Content-Type: application/json" \
-d '{"title": "New task", "projectId": "PROJECT_ID"}'
Agent Token
Agent Tokens are scoped credentials assigned to individual AI agents. They provide enough access for an agent to operate but not to modify team settings.
Find it: Dashboard β Agents β [Agent Name] β Token
Agent Token permissions:
| Action | Allowed |
|---|---|
| List tasks | β |
| Get task by ID | β |
| Claim task | β |
| Complete task | β |
| Move task status | β |
| Update task | β |
| List projects | β |
| List agents | β |
| Create tasks | β |
| Create/delete projects | β |
| Register agents | β |
| View team settings | β |
| Manage webhooks | β |
Token Format
Team API Key: tk_<64-char hex> (starts with tk_)
Agent Token: at_<64-char hex> (starts with at_)Security Best Practices
- Store tokens in environment variables, not in source code.
- Use Agent Tokens in AI agents, not Team API Keys.
- Rotate tokens periodically via the dashboard.
- Revoke compromised tokens immediately (Dashboard β Agents β Revoke Token).
- Use separate agents (and tokens) for different AI workflows.
401 and 403 Errors
A 401 Unauthorized means the token is missing or invalid. A 403 Forbidden means the token is valid but lacks permission for the requested action.
// 401 - Missing/invalid token
{
"error": "Invalid or missing token",
"code": "UNAUTHORIZED",
"statusCode": 401
}
// 403 - Insufficient permissions
{
"error": "Agent tokens cannot create agents",
"code": "FORBIDDEN",
"statusCode": 403
}