Skip to main content
Every SDK instance requires an API key. API keys identify your agent and authorize requests.

Getting an API Key

New Agent (Signup)

Create a new account and agent: 
import { Saturn } from '@saturn-pay/sdk';

const { saturn, apiKey } = await Saturn.signup({
  name: 'my-agent',
  baseUrl: 'https://api.saturn-pay.com',
});

// Save apiKey — it's only shown once
console.log('API Key:', apiKey);

Additional Agents

Create additional agents under your account: 
const saturn = new Saturn({ apiKey: 'sk_agt_...' });

const newAgent = await saturn.agents.create({
  name: 'worker-2'
});

console.log('New agent key:', newAgent.apiKey);

Using an API Key

Initialize the SDK with an existing key: 
const saturn = new Saturn({
  apiKey: 'sk_agt_your_key_here'
});
Or set via environment variable: 
export SATURN_API_KEY=sk_agt_your_key_here

const saturn = new Saturn({
  apiKey: process.env.SATURN_API_KEY
});

API Key Format

Saturn API keys follow this format: 
sk_agt_[32 random characters]
  • sk_ — Secret key prefix (never expose in client-side code)
  • agt_ — Agent key identifier
  • [32 chars] — Unique identifier

HTTP Authentication

When using the REST API directly, include the key in the Authorization header: 
curl https://api.saturn-pay.com/v1/capabilities/reason \
  -H "Authorization: Bearer sk_agt_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{"prompt": "Hello"}'

Security Best Practices

API keys are server-side only. Never include them in:
  • Browser JavaScript
  • Mobile app code
  • Public repositories
  • Client-side environment variables
Store keys in environment variables, not in code:
# .env (never commit this file)
SATURN_API_KEY=sk_agt_...
Add .env to your .gitignore.
When team members leave or roles change:
  1. Create a new agent with a new key
  2. Update your deployments
  3. Delete or disable the old agent
Create separate agents for:
  • Development
  • Staging
  • Production
This prevents dev mistakes from affecting production budgets.
Every agent should have:
  • maxPerCallUsdCents — prevents single expensive calls
  • maxPerDayUsdCents — prevents runaway loops
Never deploy an agent without caps.

Key Revocation

If a key is compromised, disable the agent immediately: 
// Via dashboard: Toggle "Kill Switch" to ON

// Via API:
await saturn.agents.update(agentId, {
  killed: true
});
This immediately blocks all API calls using that key.

Common Mistakes

MistakeConsequence
Committing keys to gitKey exposed publicly
Using one key for all environmentsDev mistakes affect production
Not rotating after team changesSecurity exposure
Creating agents without capsUnbounded spend risk
Storing keys in client-side codeKey visible to users

Next Steps

Agents & Keys

Understand agent isolation

Budgets & Caps

Set spending limits