Auth And API Keys
Last updated 2026-02-13
Creating an API key
In Rooaak Console:
- Open your project.
- Go to API Keys.
- Create a new key and copy it immediately.
Rooaak only shows the secret once.
API key format
Rooaak keys are generated in this format:
rk_<env>_<prefix>_<secret>
Example env values: live, test.
Send key on every /v1/* request
Authorization: Bearer <api_key>
Key types
- Project key:
project_idis set, limited to one project. - Admin key:
project_id = nulland must includeadmin:projectscope.
Default scopes (when omitted on key creation)
project:readproject:agentproject:api-keysproject:messageproject:memoryproject:webhookproject:event
Scope enforcement
Each endpoint validates required scope with requireScope(...). Missing scope returns 403 FORBIDDEN.
See /docs/api-reference/scopes for endpoint mapping.
Runtime auth is separate
/runtime/* does not use API keys. It uses an agent JWT (Authorization: Bearer <token>) validated against (agentId, userId).