API Keys
The API Keys page manages platform credentials outside the browser session model.
Agirunner needs a clear distinction between browser auth and durable API access. This page is where operators issue and revoke credentials for people, services, and integrations that need access to the control plane without going through a browser session every time.
What Lives Here
Section titled “What Lives Here”- operator-managed admin and service keys
- system-generated keys tied to internal lifecycle
- create, revoke, and expiry review flows
- recent usage visibility
Why It Matters
Section titled “Why It Matters”API access is part of the product contract, not a hidden implementation detail. A public control plane needs a clear operator surface for credential lifecycle management.
For local development, this also connects back to the default admin key
in agirunner/.env, which is how most first-time operators log
into the dashboard. The same bootstrap file also seeds
PLATFORM_SERVICE_API_KEY, which the stack uses for internal
service-to-platform calls. Worker and agent keys are then generated by
the platform during runtime lifecycle registration rather than hand-made
in .env.
How It Connects To The Rest Of The System
Section titled “How It Connects To The Rest Of The System”API keys sit underneath almost every non-browser interaction in the product:
- operators use them to script against the API Reference
- runtimes, workers, and agents use them to register and claim work
- external systems use them for integrations, triggers, and protocol entry points
- services use them to automate workflow launch and supervision outside the dashboard
That is why this page belongs in Admin rather than inside any one workflow or integration screen. It controls who can talk to the control plane at all.