Skip to main content
AgentOS supports two security modes:
ModeWhen to use
Basic AuthenticationSimple key validation for development.
AuthorizationJWT-powered authorization with fine-grained scopes for production.

Basic Authentication

Set the OS_SECURITY_KEY environment variable in your .env file or export it directly in your terminal: 
export OS_SECURITY_KEY="your-secret-key"
Requests without a valid Authorization: Bearer <key> header return 401 Unauthorized.

Authorization

Authorization validates JWT tokens and checks scopes against required permissions for each endpoint. Enable it with authorization=True: 
from agno.os import AgentOS

agent_os = AgentOS(
    id="my-agent-os",
    agents=[my_agent],
    authorization=True,
)
Set the JWT_VERIFICATION_KEY environment variable to your public key in your .env file or export it directly in your terminal: 
export JWT_VERIFICATION_KEY="your-public-key"
Requests without a valid JWT return 401 Unauthorized. Requests with insufficient scopes return 403 Forbidden. See Authorization for the full setup flow, scope reference, and endpoint mappings.

Authorization

JWT validation, scopes, roles, and per-user data isolation.

JWT Middleware

Token sources, claim extraction, and parameter injection.