AgentOS supports two security mechanisms:
Method                  Use Case
Basic Authentication    Simple key validation for development
RBAC                    JWT-powered authorization with fine-grained scopes for production

Basic Authentication

Set the OS_SECURITY_KEY environment variable:
export OS_SECURITY_KEY="your-secret-key"
Requests without a valid Authorization: Bearer <key> header return 401 Unauthorized.
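The check described above, as an added illustration that is not AgentOS's own implementation: parse the Authorization header, compare the presented key in constant time, and answer 401 for every malformed or mismatched case. The function names, the sample key and the choice to reject all requests when no key is configured are assumptions of this sketch.

```python
import hmac
import os
from typing import Optional


def extract_bearer(authorization: Optional[str]) -> Optional[str]:
    """Return the credential from 'Bearer <key>', or None if the header is malformed."""
    if not authorization:
        return None
    scheme, _, credential = authorization.strip().partition(" ")
    credential = credential.strip()
    # The auth scheme name is case-insensitive; the credential itself is not.
    if scheme.lower() != "bearer" or not credential:
        return None
    return credential


def check_request(authorization: Optional[str], expected_key: Optional[str]) -> int:
    """Return 200 if the header carries the expected key, otherwise 401."""
    if not expected_key:
        # Assumption of this sketch: with no key configured, fail closed.
        return 401
    presented = extract_bearer(authorization)
    if presented is None:
        return 401
    # compare_digest does not short-circuit on the first differing byte,
    # so response timing does not reveal how much of a guess was correct.
    ok = hmac.compare_digest(presented.encode("utf-8"), expected_key.encode("utf-8"))
    return 200 if ok else 401


if __name__ == "__main__":
    # Constructed sample key, used only when OS_SECURITY_KEY is not set.
    key = os.environ.get("OS_SECURITY_KEY", "constructed-sample-key")
    for header in (None, "Basic abc", "Bearer ", "Bearer wrong", f"Bearer {key}"):
        print(repr(header), "->", check_request(header, key))
```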

Role-Based Access Control (RBAC)

RBAC validates JWT tokens and checks scopes against required permissions for each endpoint. Enable it with authorization=True:
from agno.os import AgentOS

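agent_os = AgentOS(
    id="my-agent-os",
    agents=[my_agent],  # my_agent: an Agent instance defined elsewhere
    authorization=True,  # enable RBAC: validate JWTs and check scopes per endpoint
)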
Set the JWT_VERIFICATION_KEY environment variable to your public key:
export JWT_VERIFICATION_KEY="your-public-key"
You can generate a key pair from the control plane when connecting a new OS or from the Settings page for an existing OS. Requests without a valid JWT return 401 Unauthorized. Requests with insufficient scopes return 403 Forbidden. See RBAC Documentation for scope format, available scopes, and endpoint mappings.

RBAC Documentation

Complete scopes, permissions, and access control configuration.

JWT Middleware

JWT authentication with parameter injection and claims extraction.