Docs/Getting Started/Authentication

Authentication

Learn how to authenticate your applications with ANTS Platform using public and secret keys for secure credential management.

Credentials

ANTS Platform uses a pair of credentials (public key and secret key) to authenticate requests. These credentials are associated with your organization and project.

Credential Format

ANTS Platform credentials follow this format:

code
pk-ap-1234567890abcdef # Public key (safe to expose in frontend) sk-ap-1234567890abcdef # Secret key (MUST be kept secret)
  • pk-ap / sk-ap - Ants Platform prefix
  • 1234567890abcdef - Unique identifier

Keep Your Secret Key Secret: Never expose your secret key in client-side code, public repositories, or logs. The secret key provides full access to your account. The public key is safe to use in client-side applications.

Getting Your Credentials

Via Dashboard

  1. Log in to ANTS Platform Dashboard
  2. Navigate to SettingsAPI Keys
  3. You'll see your Public Key and Secret Key
  4. Copy both keys and store them securely
  5. The secret key is only shown once - save it immediately!

Using Credentials

The most secure way to use credentials is through environment variables:

bash
# .env file ANTS_PLATFORM_PUBLIC_KEY=pk-ap-your-public-key-here ANTS_PLATFORM_SECRET_KEY=sk-ap-your-secret-key-here ANTS_PLATFORM_HOST=https://api.agenticants.ai # Optional
typescript
import { AntsPlatformSpanProcessor } from "@antsplatform/otel"; const processor = new AntsPlatformSpanProcessor({ publicKey: process.env.ANTS_PLATFORM_PUBLIC_KEY, secretKey: process.env.ANTS_PLATFORM_SECRET_KEY, baseUrl: process.env.ANTS_PLATFORM_HOST || "https://api.agenticants.ai", });

Configuration Files

For more complex setups, use configuration files:

javascript
// ants-platform.config.js module.exports = { publicKey: process.env.ANTS_PLATFORM_PUBLIC_KEY, secretKey: process.env.ANTS_PLATFORM_SECRET_KEY, host: process.env.ANTS_PLATFORM_HOST || 'https://api.agenticants.ai', environment: process.env.ANTS_PLATFORM_ENVIRONMENT || 'development', }
typescript
import { AntsPlatformSpanProcessor } from "@antsplatform/otel"; import config from './ants-platform.config' const processor = new AntsPlatformSpanProcessor(config)

Only for testing or development:

typescript
const processor = new AntsPlatformSpanProcessor({ publicKey: 'pk-ap-test-1234567890', // DO NOT USE IN PRODUCTION secretKey: 'sk-ap-test-1234567890', // DO NOT USE IN PRODUCTION })

Never hardcode credentials in production code! Use environment variables or secure secret management systems.

Credential Management

Your credentials provide access to your Ants Platform project. The public key can be used in client-side applications, while the secret key provides full access and must be kept secure.

Secure Storage

Cloud Providers

AWS Secrets Manager

typescript
const client = new SecretsManagerClient({ region: "us-east-1" }) const response = await client.send( new GetSecretValueCommand({ SecretId: "ants-platform-credentials" }) ) const credentials = JSON.parse(response.SecretString) const processor = new AntsPlatformSpanProcessor({ publicKey: credentials.publicKey, secretKey: credentials.secretKey, })

Google Cloud Secret Manager

python
from google.cloud import secretmanager from ants_platform import AntsPlatform client = secretmanager.SecretManagerServiceClient() public_key_name = "projects/123/secrets/ants-platform-public-key/versions/latest" secret_key_name = "projects/123/secrets/ants-platform-secret-key/versions/latest" public_key_response = client.access_secret_version(request={"name": public_key_name}) secret_key_response = client.access_secret_version(request={"name": secret_key_name}) public_key = public_key_response.payload.data.decode("UTF-8") secret_key = secret_key_response.payload.data.decode("UTF-8") ants_platform = AntsPlatform(public_key=public_key, secret_key=secret_key)

Azure Key Vault

python
from azure.identity import DefaultAzureCredential from azure.keyvault.secrets import SecretClient from ants_platform import AntsPlatform credential = DefaultAzureCredential() client = SecretClient(vault_url="https://myvault.vault.azure.net/", credential=credential) public_key = client.get_secret("ants-platform-public-key").value secret_key = client.get_secret("ants-platform-secret-key").value ants_platform = AntsPlatform(public_key=public_key, secret_key=secret_key)

Kubernetes Secrets

yaml
apiVersion: v1 kind: Secret metadata: name: ants-platform-secret type: Opaque stringData: public-key: pk-ap-your-public-key-here secret-key: sk-ap-your-secret-key-here
yaml
apiVersion: apps/v1 kind: Deployment metadata: name: my-app spec: template: spec: containers: - name: app env: - name: ANTS_PLATFORM_PUBLIC_KEY valueFrom: secretKeyRef: name: ants-platform-secret key: public-key - name: ANTS_PLATFORM_SECRET_KEY valueFrom: secretKeyRef: name: ants-platform-secret key: secret-key

Docker Secrets

bash
# Create secrets echo "pk-ap-your-public-key-here" | docker secret create ants_platform_public_key - echo "sk-ap-your-secret-key-here" | docker secret create ants_platform_secret_key - # Use in compose services: app: image: myapp:latest secrets: - ants_platform_public_key - ants_platform_secret_key environment: ANTS_PLATFORM_PUBLIC_KEY_FILE: /run/secrets/ants_platform_public_key ANTS_PLATFORM_SECRET_KEY_FILE: /run/secrets/ants_platform_secret_key secrets: ants_platform_public_key: external: true ants_platform_secret_key: external: true

Credential Rotation

Regular credential rotation is a security best practice:

Rotation Process

  1. Generate new credentials in the dashboard
  2. Update your applications with the new credentials
  3. Monitor for any issues during the transition
  4. Verify old credentials are disabled after confirming everything works

Testing Authentication

SDK Test

typescript
import { AntsPlatformSpanProcessor } from "@antsplatform/otel"; function testAuth() { try { const processor = new AntsPlatformSpanProcessor({ publicKey: process.env.ANTS_PLATFORM_PUBLIC_KEY, secretKey: process.env.ANTS_PLATFORM_SECRET_KEY, baseUrl: process.env.ANTS_PLATFORM_HOST || "https://api.agenticants.ai", }); console.log('✅ Credentials configured successfully') return true } catch (error) { console.error('❌ Authentication failed:', error.message) return false } }

Security Best Practices

Do's

  • Use environment variables for credentials
  • Rotate credentials regularly (every 90 days)
  • Use different credentials for different environments
  • Keep secret keys secure - never expose them
  • Monitor credential usage for anomalies
  • Revoke compromised credentials immediately
  • Use secret management systems in production
  • Use public keys in client-side applications when safe

Don'ts

  • Hardcode credentials in source code
  • Commit credentials to version control
  • Share secret keys between team members
  • Use production credentials in development
  • Log credentials in application logs
  • Send credentials via email or chat
  • Expose secret keys in client-side code

Troubleshooting

Invalid Credentials

code
Error: Invalid public key or secret key format

Solution: Ensure your credentials follow the format pk-ap-... (public key) and sk-ap-... (secret key)

Unauthorized

code
Error: 401 Unauthorized - Invalid or expired credentials

Solutions:

  1. Verify both public key and secret key are correct
  2. Check if the credentials have been revoked
  3. Ensure the host URL matches your deployment
  4. Verify environment variables are properly set

Need Help? Contact support@agenticants.ai for authentication issues.

Next Steps

Now that authentication is set up, explore:

Learn Core Concepts →

© 2026 ANTS Platform, Inc.Docs v1.0 · Last updated June 2026