Exchange agent login
Polls the agent login request using deviceCode and, once approved, issues a reusable workspace-scoped API key. The secret is returned once at apiKey.key, should be saved immediately, and should be reused for future HTTP API calls instead of re-running login.
/api/v1/agent/auth/exchangePolls the agent login request using deviceCode and, once approved, issues a reusable workspace-scoped API key. The secret is returned once at apiKey.key, should be saved immediately, and should be reused for future HTTP API calls instead of re-running login.
Request Body
application/json
TypeScript Definitions
Use the request body type in TypeScript.
Response Body
application/json
application/json
application/json
Get agent login request GET
Reads the public state of an agent login request by customer-facing code.
Start agent login POST
Starts the agent approval flow and returns a short customer code plus a browser verification URL. Agents should send verificationUriComplete to the customer, wait for approval, then poll POST /api/v1/agent/auth/exchange with deviceCode. A successful exchange returns a reusable workspace API key secret in apiKey.key for the HTTP API, not an OAuth token. Effective access is the union of role permissions and explicit permissions. If neither is provided, role defaults to admin.