API key — SDK and CI pipelines
SDK routes (submitting traces, running CI evaluations) use an API key passed in thex-api-key header.
Session — browser UI routes
Routes called by the AgentX frontend (GET /ingest/traces, tracked-agent management) use the session cookie set by the login flow. No extra header is required when calling from the browser.
Which routes use which
| Route | Auth |
|---|---|
POST /api/v1/ingest/traces | API key |
POST /api/v1/ingest/traces/:id/evaluate | API key |
POST /api/v1/ingest/ci-runs | API key |
POST /api/v1/ingest/ci-runs/:id/results | API key |
POST /api/v1/ingest/ci-runs/:id/finalize | API key |
GET /api/v1/ingest/ci-runs/:id | API key |
GET /api/v1/ingest/datasets/:id/test-cases | API key |
GET /api/v1/ingest/traces | Session |
GET/PUT/DELETE /api/v1/ingest/tracked-agents | Session |

