All API requests require authentication via an API key passed in the Authorization header.

API keys

API keys are scoped to an organization and created through the admin CLI or dashboard. Keys use the prefix sk_test_ and look like:
sk_test_abc123def456...

Making authenticated requests

Pass your API key as a Bearer token in the Authorization header:
curl https://api.agentcard.sh/api/v1/cards \
  -H "Authorization: Bearer sk_test_abc123def456..."

Error responses

| Status | Error | Description |
|--------|-------|-------------|
| 401 | Missing or invalid Authorization header | No Authorization: Bearer header provided |
| 401 | Invalid API key format | Key doesn’t start with sk_test_ |
| 401 | Invalid or revoked API key | Key not found or has been revoked |
| 403 | Organization is suspended | The org associated with this key is suspended |
| 429 | API key rate limit exceeded | Per-key rate limit exceeded (default: 1,000 req/hour) |

Rate limits

Each API key has a configurable rate limit (default: 1,000 requests per hour). Rate limit headers are included in every response:
| Header | Description |
|--------|-------------|
| RateLimit-Limit | Max requests allowed in the window |
| RateLimit-Remaining | Requests remaining in the current window |
| RateLimit-Reset | Seconds until the window resets |
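
The status codes and rate limit headers above can drive a client's retry logic directly. The following is an added example, not code from the AgentCard project or an official SDK: the function names, the AGENTCARD_API_KEY variable name, and the fallback and maximum wait values are assumptions made for illustration.

```python
import os

KEY_PREFIX = "sk_test_"        # key prefix documented on this page
ENV_VAR = "AGENTCARD_API_KEY"  # assumption: variable name chosen for this example
DEFAULT_WAIT = 60              # assumption: fallback if RateLimit-Reset is missing or garbled
MAX_WAIT = 3600                # assumption: never wait longer than the one-hour default window


def load_api_key(env=os.environ):
    """Read the key from the environment so it stays out of source code."""
    key = env.get(ENV_VAR, "").strip()
    if not key.startswith(KEY_PREFIX) or len(key) == len(KEY_PREFIX):
        raise ValueError(f"{ENV_VAR} is unset or does not start with {KEY_PREFIX}")
    return key


def redact(key):
    """Log-safe form: prefix plus the last four characters of a long key."""
    body = key[len(KEY_PREFIX):]
    return KEY_PREFIX + "****" + (body[-4:] if len(body) >= 12 else "")


def _header_int(headers, name, default):
    """Case-insensitive integer header lookup that tolerates bad values."""
    lowered = {k.lower(): v for k, v in headers.items()}
    try:
        return max(0, int(lowered.get(name.lower(), default)))
    except (TypeError, ValueError):
        return default


def next_action(status, headers):
    """Return (action, wait_seconds) for one response.

    'stop'        401/403: retrying with the same key cannot succeed
    'retry_after' 429: repeat the request once the window resets
    'pause'       success, but the window is used up
    'proceed'     success with quota left
    """
    wait = min(_header_int(headers, "RateLimit-Reset", DEFAULT_WAIT), MAX_WAIT)
    if status in (401, 403):
        return ("stop", 0)
    if status == 429:
        return ("retry_after", wait)
    if _header_int(headers, "RateLimit-Remaining", 1) == 0:
        return ("pause", wait)
    return ("proceed", 0)
```

Treating 401 and 403 as terminal keeps a revoked or suspended key from being replayed in a retry loop, and clamping the wait keeps a malformed RateLimit-Reset value from stalling the client indefinitely.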

Key management

API keys can be managed through the agent-cards-admin CLI:
  • Create — Generate a new key for your organization
  • Set — Set the active API key for CLI commands
  • Rotate — Replace an existing key with a new one (old key is immediately revoked)
  • Revoke — Permanently disable a key
  • List — View all keys for an organization