Set (or rotate) the BYOK key for one agent kind. Orchestrates the
probe → encrypt → store sequence in a single atomic call so a client
that skips `validate-key` still gets a safe error on bad input.
Agents
Set (or rotate) the BYOK key for one agent kind. Orchestrates the probe → encrypt → store sequence in a single atomic call so a client that skips `validate-key` still gets a safe error on bad input.
Flow:
- Probe the key against Anthropic.
- If the probe returns
Invalid, return 400 with the probe body — the row is not touched. Nothing to roll back. - If
Valid,store_byokUPSERTs the config row with the ciphertext and flipsbyok_statustoactive. - Re-read the row and return it so the caller sees the fresh state.
PUT
Set (or rotate) the BYOK key for one agent kind. Orchestrates the
probe → encrypt → store sequence in a single atomic call so a client
that skips `validate-key` still gets a safe error on bad input.
Authorizations
Bearer authentication header of the form Bearer <token>, where <token> is your auth token.
Path Parameters
Agent kind identifier
Body
application/json
Request body for POST /agent-configs/validate-key and
PUT /agent-configs/{kind}/byok-key. Shared because both endpoints
just take a raw provider API key.
Plaintext Anthropic API key. Transported over TLS + never logged.
Response
Key probed, encrypted, stored
A single agent_configs row as exposed over the REST API. Deliberately
omits byok_key_ref and byok_key_version — those never cross the
API boundary.
Probe a candidate API key against Anthropic without persisting it.
Used by the wizard path: the frontend validates a key before the
user commits it. Always returns 200 — the `ProbeResult` body
distinguishes valid from invalid.Operator revoke: wipes the ciphertext and pins `byok_status` to
`revoked`. Sticky per the state machine — the tenant must re-enter a
key (via `PUT /byok-key`) to return to active.