
Authentication

hatiOS uses JWTs for dashboard users and API keys for agents.

Dashboard Users (JWT)

Human users authenticate via OAuth or email/password and receive a JWT with 24-hour expiry and refresh token rotation.

POST /api/v1/auth/login
Content-Type: application/json

{
"email": "you@company.com",
"password": "your-password"
}

// Response: { "token": "eyJhbG...", "refresh_token": "rt_...", "expires_in": 86400 }
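The flow above (24-hour JWT plus rotating refresh tokens) in working form, as an added example that is not hatiOS code. It uses only the Python standard library, signs with HS256 under a constructed demo key, pins the algorithm so an "alg": "none" token is rejected, checks the exp claim, and treats a replayed refresh token as theft by revoking every refresh token for that user. The in-memory refresh store, the signing key and the claim names are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Constructed demo secret; a real deployment loads this from a secret store.
SIGNING_KEY = b"constructed-demo-signing-key-do-not-use"
TOKEN_TTL = 86400  # 24 hours, matching the expires_in value shown above

# Constructed in-memory refresh-token store: refresh_token -> record
_refresh_store: dict = {}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_jwt(email: str, now: Optional[int] = None) -> str:
    """Mint an HS256 JWT whose exp claim is 24 hours after issue."""
    now = int(time.time()) if now is None else now
    header = json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":"))
    payload = json.dumps({"sub": email, "iat": now, "exp": now + TOKEN_TTL},
                         separators=(",", ":"))
    signing_input = f"{_b64url(header.encode())}.{_b64url(payload.encode())}"
    sig = hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def verify_jwt(token: str, now: Optional[int] = None) -> Optional[dict]:
    """Return the claims if algorithm, signature and expiry check out, else None."""
    now = int(time.time()) if now is None else now
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(_b64url_decode(h64))
        sig = _b64url_decode(s64)
        payload = json.loads(_b64url_decode(p64))
    except (ValueError, UnicodeDecodeError):
        return None
    # Pin the algorithm server-side; never trust the one named in the token.
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(SIGNING_KEY, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return None
    if not isinstance(payload.get("exp"), int) or payload["exp"] <= now:
        return None
    return payload


def issue_refresh_token(email: str) -> str:
    """Create a single-use refresh token tied to the user."""
    rt = "rt_" + secrets.token_urlsafe(32)
    _refresh_store[rt] = {"sub": email, "used": False}
    return rt


def rotate(refresh_token: str, now: Optional[int] = None) -> Optional[dict]:
    """Exchange a refresh token once. A replay revokes all of the user's refresh tokens."""
    rec = _refresh_store.get(refresh_token)
    if rec is None:
        return None
    if rec["used"]:
        # Reuse of a spent token means it leaked: drop the whole family.
        for key in [k for k, r in _refresh_store.items() if r["sub"] == rec["sub"]]:
            del _refresh_store[key]
        return None
    rec["used"] = True
    return {
        "token": issue_jwt(rec["sub"], now),
        "refresh_token": issue_refresh_token(rec["sub"]),
        "expires_in": TOKEN_TTL,
    }


if __name__ == "__main__":
    rt = issue_refresh_token("you@company.com")
    print(rotate(rt))        # fresh token pair
    print(rotate(rt))        # None: replay detected, family revoked
```

The reason `verify_jwt` ignores the token's own `alg` value except to confirm it is HS256 is that accepting whatever algorithm the token names is the classic JWT mistake; the server knows which algorithm it signs with and should check only that.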

Agent API Keys

Agents authenticate using long-lived API keys in the x-api-key header. Keys are hashed with bcrypt before storage.

POST /proxy/v1/chat/completions
x-api-key: hk_live_a1b2c3d4e5f6...
Content-Type: application/json
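An added example of how an `x-api-key` value can be minted, stored only as a hash, and checked on a proxy request; this is illustrative code, not hatiOS's implementation. The page says keys are bcrypt-hashed; to keep this runnable with the standard library alone the example substitutes `hashlib.scrypt` (also salted and work-factor tuned) and says so in the comments. Because a salted hash cannot be looked up directly, the key carries a clear-text key id after the `hk_live_` prefix and only the secret half is hashed; that key layout, the in-memory table and the agent names are assumptions.

```python
import hashlib
import hmac
import os
import secrets
from typing import Optional

PREFIX = "hk_live_"

# Constructed in-memory table: key_id -> {"salt", "hash", "agent"}
_api_keys: dict = {}


def _hash_secret(secret: str, salt: bytes) -> bytes:
    # Stand-in for bcrypt: scrypt from the standard library, salted per key.
    return hashlib.scrypt(secret.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)


def create_api_key(agent: str) -> str:
    """Mint hk_live_<key_id>_<secret>. Only the hash of <secret> is stored."""
    key_id = secrets.token_hex(6)         # 12 hex chars, stored in clear for lookup
    secret = secrets.token_urlsafe(32)    # shown to the agent owner once
    salt = os.urandom(16)
    _api_keys[key_id] = {"salt": salt, "hash": _hash_secret(secret, salt), "agent": agent}
    return f"{PREFIX}{key_id}_{secret}"


def authenticate(headers: dict) -> Optional[str]:
    """Resolve the x-api-key header to an agent name, or None if it is invalid."""
    key = headers.get("x-api-key")
    if not key or not key.startswith(PREFIX):
        return None
    # key_id is hex, so the first underscore after the prefix is the separator.
    key_id, sep, secret = key[len(PREFIX):].partition("_")
    if not sep:
        return None
    rec = _api_keys.get(key_id)
    if rec is None:
        # Hash anyway so an unknown id costs about the same time as a wrong secret.
        _hash_secret(secret, b"\x00" * 16)
        return None
    if not hmac.compare_digest(_hash_secret(secret, rec["salt"]), rec["hash"]):
        return None
    return rec["agent"]


if __name__ == "__main__":
    key = create_api_key("billing-agent")
    print(key)
    print(authenticate({"x-api-key": key}))          # billing-agent
    print(authenticate({"x-api-key": key + "x"}))    # None
```

A leaked database dump therefore yields only salts and hashes; an attacker still has to brute-force each secret through the memory-hard function, which is the property the bcrypt storage on the page is buying.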

Enterprise SSO

hatiOS supports SAML 2.0 and OIDC with Okta, Azure AD, or PingIdentity. See SSO Configuration.