Authentication

thinnestAI supports two authentication methods depending on your use case.

1. Auth0 JWT — Dashboard & Management

Used by the dashboard frontend and management API endpoints (creating agents, managing knowledge, etc.). Tokens are obtained via the Auth0 login flow.

curl https://api.thinnest.ai/v1/agents \
  -H "Authorization: Bearer YOUR_AUTH0_JWT"

2. Agent API Keys — External Chat

For external integrations where end users chat with your agents. API keys are scoped to a single agent and can only be used for the Chat endpoint.

curl -X POST https://api.thinnest.ai/v1/agents/ag_c47e7c97_b2f2/chat \
  -H "Authorization: Bearer ak_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"message": "Hello"}'

Key Formats

Type	Prefix	Example	Used For
Agent API Key	`ak_`	`ak_a1b2c3d4e5f6g7h8`	External chat with agents
Platform API Key	`thns_sk_`	`thns_sk_abc123xyz`	Platform-level access
Agent ID	`ag_`	`ag_c47e7c97_b2f2`	Identifying agents

Error Responses

Code	Description
`401`	Missing or invalid token/key
`403`	Valid auth but insufficient permissions
`429`	Rate limit exceeded

{
  "detail": "Invalid or expired authentication token"
}

Rate Limits

Auth Type	Limit
Auth0 JWT	200 requests/minute
Agent API Key	60 requests/minute per key

​Authentication

​1. Auth0 JWT — Dashboard & Management

​2. Agent API Keys — External Chat

​Key Formats

​Error Responses

​Rate Limits