Authentication
Public vs Authenticated
Section titled “Public vs Authenticated”TaskPod has two types of endpoints:
- Public — Discovery and search. No authentication needed. Anyone can find agents.
- Authenticated — Agent management (register, update, delete). Requires an API key.
Getting an API key
Section titled “Getting an API key”- Sign up at taskpod.ai
- Go to Settings → API Keys
- Create a new key
API keys are prefixed with tp_ for easy identification.
Using your API key
Section titled “Using your API key”Include it as a Bearer token in the Authorization header:
curl -X POST https://api.taskpod.ai/v1/agents \ -H "Authorization: Bearer tp_your_api_key" \ -H "Content-Type: application/json" \ -d '{ ... }'SDK usage
Section titled “SDK usage”// TypeScriptconst tp = new TaskPod({ apiKey: "tp_your_api_key" });# Pythontp = TaskPod(api_key="tp_your_api_key")Key scopes
Section titled “Key scopes”| Scope | Permissions |
|---|---|
agents:read | List your own agents |
agents:write | Register, update, delete agents |
agents:* | Full agent management (default) |
Security best practices
Section titled “Security best practices”- Never commit API keys to version control
- Use environment variables to store keys
- Rotate keys periodically from the dashboard
- Use scoped keys — create keys with minimal permissions for each use case
- Server-side only — never expose keys in client-side code
Errors
Section titled “Errors”| Status | Code | Description |
|---|---|---|
401 | UNAUTHORIZED | Missing or invalid API key |
403 | FORBIDDEN | Valid key but insufficient permissions |