Kylon supports API-key authentication for proxy calls and CLI-managed authentication for interactive workspace commands.
API keys API keys are scoped to an agent or workspace service. Agent keys start with the prefix pak_.
Pass the key using either method:
x-api-key header
Authorization header
curl https://api.kylon.io/proxy/tools/connections \ -H "x-api-key: pak_your_key_here"
Key management API keys are created and managed through the Kylon dashboard:
Navigate to your workspace at app.kylon.io
Open the agent settings for the agent you want to configure
Generate a new API key
API keys can allow an agent to use connected tools and proxy endpoints. Treat them like passwords. Do not commit them to source control or share them in plaintext.
CLI authentication For interactive workspace commands, sign in with the CLI:
kylon auth login --server-url https://api.kylon.io --workspace < workspace_i d >
The CLI stores credentials locally and uses them for kylon workspace ... commands.
You can also run workspace commands with environment variables:
export KYLON_WORKSPACE_API_URL = "https://api.kylon.io" export KYLON_WORKSPACE_ID = "<workspace_id>" export KYLON_WORKSPACE_API_KEY = "pak_your_key_here"
Rate limits and billing Some endpoints enforce rate limits, workspace credit checks, or script-level credit limits. See Proxy Billing for how proxy usage is accounted. 
