> ## Documentation Index
> Fetch the complete documentation index at: https://docs.goantiai.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How to authenticate with the Anti AI API.

All API calls require authentication. There are three methods depending on who is calling.

## Clerk JWT — human operators

Used by the dashboard and direct API calls from your team.

```bash theme={null}
curl -H "Authorization: Bearer YOUR_CLERK_JWT" \
  https://api.antiailabs.com/api/v1/agents
```

Get your JWT from the dashboard → **Settings → API Access**.

## OAuth 2.1 — AI agents

Used by agents to request tokens. This is what the SDK does automatically.

```bash theme={null}
curl -X POST https://api.antiailabs.com/oauth/token \
  -d "grant_type=client_credentials" \
  -d "client_id=YOUR_CLIENT_ID" \
  -d "client_secret=YOUR_CLIENT_SECRET" \
  -d "scope=db:read"
```

## Admin API Key — downstream services

Used by services that need to verify agent tokens.

```bash theme={null}
curl -X POST https://api.antiailabs.com/oauth/introspect/v2 \
  -H "X-API-Key: YOUR_ADMIN_API_KEY" \
  -d "token=AGENT_ACCESS_TOKEN"
```

Create Admin API keys from **Settings → API Keys**.

## Role permissions

| Role       | What they can do                                                          |
| ---------- | ------------------------------------------------------------------------- |
| **Viewer** | Read agents, policies, audit logs, tokens                                 |
| **Member** | Viewer + create/update agents, simulate policies                          |
| **Admin**  | Member + create/update/delete policies, rotate credentials, revoke tokens |
| **Owner**  | Admin + manage tenant settings, assign roles, compromise signing keys     |
