> ## Documentation Index
> Fetch the complete documentation index at: https://docs.goantiai.com/llms.txt
> Use this file to discover all available pages before exploring further.

# JIT Tokens

> Short-lived credentials that expire automatically.

A **Just-in-Time (JIT) token** is a short-lived credential your agent gets right when it needs to make an API call — valid for 10 minutes, scoped to exactly what the agent needs, and expiring automatically.

## Why short-lived tokens?

With a long-lived API key, a compromised agent gives an attacker access until someone notices — hours or days. With JIT tokens, the window is at most 10 minutes. After that, the token expires and Anti AI can block re-authentication immediately.

## The token lifecycle

```
1. Agent requests token (client_id + client_secret + scope)
2. Anti AI validates credentials
3. Anti AI checks policy — is this scope allowed?
4. Anti AI issues a signed JWT (expires in 10 min)
5. Agent uses token for API calls
6. Token expires — agent requests a new one automatically
```

The SDK handles steps 1–4 and 6 automatically.

## Token lifetimes

| Situation                                           | Lifetime              |
| --------------------------------------------------- | --------------------- |
| Standard                                            | 10 minutes            |
| High-risk scopes (`*:write`, `*:delete`, `*:admin`) | 15 minutes max        |
| Custom per-agent TTL                                | 5 minutes to 24 hours |

## Revocation

Revoke any token instantly from the dashboard or API. The SDK detects revocations within 15 seconds via background TRL polling.
