Authentication

Learn how to authenticate your applications with AgenticAnts using public and secret keys for secure credential management.

Credentials

AgenticAnts uses a pair of credentials (public key and secret key) to authenticate requests. These credentials are associated with your organization and project.

Credential Format

AgenticAnts credentials follow this format:

pk-ap-1234567890abcdef    # Public key (safe to expose in frontend)
sk-ap-1234567890abcdef    # Secret key (MUST be kept secret)

pk-ap / sk-ap - Ants Platform prefix
1234567890abcdef - Unique identifier

⚠️

Keep Your Secret Key Secret: Never expose your secret key in client-side code, public repositories, or logs. The secret key provides full access to your account. The public key is safe to use in client-side applications.

Getting Your Credentials

Via Dashboard

Log in to AgenticAnts Dashboard (opens in a new tab)
Navigate to Settings → API Keys
You'll see your Public Key and Secret Key
Copy both keys and store them securely
The secret key is only shown once - save it immediately!

Using Credentials

Environment Variables (Recommended)

The most secure way to use credentials is through environment variables:

# .env file
ANTS_PLATFORM_PUBLIC_KEY=pk-ap-your-public-key-here
ANTS_PLATFORM_SECRET_KEY=sk-ap-your-secret-key-here
ANTS_PLATFORM_HOST=https://api.agenticants.ai  # Optional

import { AntsPlatformSpanProcessor } from "@antsplatform/otel";
 
const processor = new AntsPlatformSpanProcessor({
  publicKey: process.env.ANTS_PLATFORM_PUBLIC_KEY,
  secretKey: process.env.ANTS_PLATFORM_SECRET_KEY,
  baseUrl: process.env.ANTS_PLATFORM_HOST || "https://api.agenticants.ai",
});

Configuration Files

For more complex setups, use configuration files:

// ants-platform.config.js
module.exports = {
  publicKey: process.env.ANTS_PLATFORM_PUBLIC_KEY,
  secretKey: process.env.ANTS_PLATFORM_SECRET_KEY,
  host: process.env.ANTS_PLATFORM_HOST || 'https://api.agenticants.ai',
  environment: process.env.ANTS_PLATFORM_ENVIRONMENT || 'development',
}

import { AntsPlatformSpanProcessor } from "@antsplatform/otel";
import config from './ants-platform.config'
 
const processor = new AntsPlatformSpanProcessor(config)

Direct Configuration (Not Recommended)

Only for testing or development:

const processor = new AntsPlatformSpanProcessor({
  publicKey: 'pk-ap-test-1234567890',  // DO NOT USE IN PRODUCTION
  secretKey: 'sk-ap-test-1234567890',  // DO NOT USE IN PRODUCTION
})

🚫

Never hardcode credentials in production code! Use environment variables or secure secret management systems.

Credential Management

Your credentials provide access to your Ants Platform project. The public key can be used in client-side applications, while the secret key provides full access and must be kept secure.

Secure Storage

Cloud Providers

AWS Secrets Manager

import { SecretsManagerClient, GetSecretValueCommand } from "@aws-sdk/client-secrets-manager"
import { AntsPlatformSpanProcessor } from "@antsplatform/otel"
 
const client = new SecretsManagerClient({ region: "us-east-1" })
const response = await client.send(
  new GetSecretValueCommand({ SecretId: "ants-platform-credentials" })
)
 
const credentials = JSON.parse(response.SecretString)
const processor = new AntsPlatformSpanProcessor({
  publicKey: credentials.publicKey,
  secretKey: credentials.secretKey,
})

Google Cloud Secret Manager

from google.cloud import secretmanager
from ants_platform import AntsPlatform
 
client = secretmanager.SecretManagerServiceClient()
public_key_name = "projects/123/secrets/ants-platform-public-key/versions/latest"
secret_key_name = "projects/123/secrets/ants-platform-secret-key/versions/latest"
 
public_key_response = client.access_secret_version(request={"name": public_key_name})
secret_key_response = client.access_secret_version(request={"name": secret_key_name})
 
public_key = public_key_response.payload.data.decode("UTF-8")
secret_key = secret_key_response.payload.data.decode("UTF-8")
 
ants_platform = AntsPlatform(public_key=public_key, secret_key=secret_key)

Azure Key Vault

from azure.identity import DefaultAzureCredential
from azure.keyvault.secrets import SecretClient
from ants_platform import AntsPlatform
 
credential = DefaultAzureCredential()
client = SecretClient(vault_url="https://myvault.vault.azure.net/", credential=credential)
public_key = client.get_secret("ants-platform-public-key").value
secret_key = client.get_secret("ants-platform-secret-key").value
 
ants_platform = AntsPlatform(public_key=public_key, secret_key=secret_key)

Kubernetes Secrets

apiVersion: v1
kind: Secret
metadata:
  name: ants-platform-secret
type: Opaque
stringData:
  public-key: pk-ap-your-public-key-here
  secret-key: sk-ap-your-secret-key-here

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  template:
    spec:
      containers:
      - name: app
        env:
        - name: ANTS_PLATFORM_PUBLIC_KEY
          valueFrom:
            secretKeyRef:
              name: ants-platform-secret
              key: public-key
        - name: ANTS_PLATFORM_SECRET_KEY
          valueFrom:
            secretKeyRef:
              name: ants-platform-secret
              key: secret-key

Docker Secrets

# Create secrets
echo "pk-ap-your-public-key-here" | docker secret create ants_platform_public_key -
echo "sk-ap-your-secret-key-here" | docker secret create ants_platform_secret_key -
 
# Use in compose
services:
  app:
    image: myapp:latest
    secrets:
      - ants_platform_public_key
      - ants_platform_secret_key
    environment:
      ANTS_PLATFORM_PUBLIC_KEY_FILE: /run/secrets/ants_platform_public_key
      ANTS_PLATFORM_SECRET_KEY_FILE: /run/secrets/ants_platform_secret_key
 
secrets:
  ants_platform_public_key:
    external: true
  ants_platform_secret_key:
    external: true

Credential Rotation

Regular credential rotation is a security best practice:

Rotation Process

Generate new credentials in the dashboard
Update your applications with the new credentials
Monitor for any issues during the transition
Verify old credentials are disabled after confirming everything works

Testing Authentication

SDK Test

import { AntsPlatformSpanProcessor } from "@antsplatform/otel";
 
function testAuth() {
  try {
    const processor = new AntsPlatformSpanProcessor({
      publicKey: process.env.ANTS_PLATFORM_PUBLIC_KEY,
      secretKey: process.env.ANTS_PLATFORM_SECRET_KEY,
      baseUrl: process.env.ANTS_PLATFORM_HOST || "https://api.agenticants.ai",
    });
    
    console.log('✅ Credentials configured successfully')
    return true
  } catch (error) {
    console.error('❌ Authentication failed:', error.message)
    return false
  }
}

Security Best Practices

Do's

Use environment variables for credentials
Rotate credentials regularly (every 90 days)
Use different credentials for different environments
Keep secret keys secure - never expose them
Monitor credential usage for anomalies
Revoke compromised credentials immediately
Use secret management systems in production
Use public keys in client-side applications when safe

Don'ts

Hardcode credentials in source code
Commit credentials to version control
Share secret keys between team members
Use production credentials in development
Log credentials in application logs
Send credentials via email or chat
Expose secret keys in client-side code

Troubleshooting

Invalid Credentials

Error: Invalid public key or secret key format

Solution: Ensure your credentials follow the format pk-ap-... (public key) and sk-ap-... (secret key)

Unauthorized

Error: 401 Unauthorized - Invalid or expired credentials

Solutions:

Verify both public key and secret key are correct
Check if the credentials have been revoked
Ensure the host URL matches your deployment
Verify environment variables are properly set

Need Help? Contact support@agenticants.ai for authentication issues.

Next Steps

Now that authentication is set up, explore:

Core Concepts - Understand key AgenticAnts concepts
Integrations - Connect with your AI framework
API Reference - Detailed API documentation

Learn Core Concepts →

Installation Overview