Authentication Overview
Understanding authentication in SwiftClaw
SwiftClaw uses API keys to authenticate requests to your agents.
Authentication Methods
API Keys
The primary authentication method for SwiftClaw:
- Simple: Single token authentication
- Secure: Keys are encrypted at rest
- Flexible: Create multiple keys with different permissions
- Revocable: Instantly revoke compromised keys
Webhook Signatures
Verify webhook authenticity:
- HMAC-SHA256: Industry-standard signing
- Automatic: SwiftClaw signs all webhooks
- Verifiable: Validate signatures in your code
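One way to validate an HMAC-SHA256 webhook signature on the receiving side, as an added example rather than SwiftClaw's own code. It assumes the signature arrives as the hex digest of the raw request body keyed with a shared webhook secret; this page does not specify the header name or encoding, so the function names, secret and payload below are hypothetical.

```python
import hashlib
import hmac
from typing import Optional

# Assumptions (not from this page): the signature is the hex HMAC-SHA256 of
# the raw request body, keyed with a shared webhook secret.

HEX_DIGITS = set("0123456789abcdef")


def sign_body(secret: bytes, raw_body: bytes) -> str:
    """Return the hex HMAC-SHA256 tag for the exact bytes received."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_webhook(secret: bytes, raw_body: bytes,
                   received_sig: Optional[str]) -> bool:
    """Return True only if received_sig is a valid tag for raw_body."""
    if not secret:
        # Fail closed: an empty secret would make every tag forgeable.
        raise ValueError("webhook secret is not configured")
    if not received_sig:
        return False
    candidate = received_sig.strip().lower()
    # Reject malformed values early: a SHA-256 tag is 64 hex characters.
    if len(candidate) != 64 or not set(candidate) <= HEX_DIGITS:
        return False
    # Sign the raw bytes, not re-serialized JSON: re-encoding can change
    # whitespace or key order and break verification.
    expected = sign_body(secret, raw_body)
    # compare_digest is constant-time, so response timing does not reveal
    # how much of a forged signature matched.
    return hmac.compare_digest(expected, candidate)


# Constructed sample data for demonstration only.
SAMPLE_SECRET = b"constructed-webhook-secret"
SAMPLE_BODY = b'{"event":"constructed.example","id":"evt_constructed"}'

if __name__ == "__main__":
    good = sign_body(SAMPLE_SECRET, SAMPLE_BODY)
    print("valid signature:", verify_webhook(SAMPLE_SECRET, SAMPLE_BODY, good))
    print("tampered body:", verify_webhook(SAMPLE_SECRET, SAMPLE_BODY + b" ", good))
    print("missing header:", verify_webhook(SAMPLE_SECRET, SAMPLE_BODY, None))
```

Reject the request before any parsing or processing of the body when verification returns False.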
Security Best Practices
1. Keep Keys Secret
Never expose API keys in:
- Public repositories
- Client-side code
- Logs or error messages
- Screenshots or documentation
2. Use Environment Variables
# .env
SWIFTCLAW_API_KEY=sk_live_abc123...

import os
api_key = os.getenv("SWIFTCLAW_API_KEY")
3. Rotate Keys Regularly
# Create new key
swiftclaw keys create my-agent --name production-v2
# Update your application with new key
# Then revoke old key
swiftclaw keys revoke my-agent --key sk_live_old123...
4. Use Different Keys per Environment
# Development
swiftclaw keys create my-agent --name development
# Staging
swiftclaw keys create my-agent --name staging
# Production
swiftclaw keys create my-agent --name production
Key Types
Live Keys
For production use:
- Prefix: sk_live_
- Full access to agent
- Rate limits apply
Test Keys
For development:
- Prefix: sk_test_
- Sandbox environment
- Higher rate limits
Never use test keys in production: Test keys have different rate limits and may behave differently.
Authentication Flow
- Create API Key: Generate key via CLI or dashboard
- Store Securely: Save in environment variables
- Include in Requests: Add to Authorization header
- Verify Response: Check for authentication errors