Authentication – Regent Protocol

The SDK authenticates every request with a single bearer token: your API key.

Get an API key

In the dashboard, go to API Keys → Create API Key. Name it (e.g. trading-bot-prod) and copy the rgnt_… value. The key is shown once — store it in a secrets manager.

Each API key is scoped to one organization. If you have multiple orgs, you’ll have one key per org.

Initialize the client

from regent import RegentClient
 
async with RegentClient(
    base_url="https://api.regentprotocol.org",
    api_key="rgnt_...",
) as r:
    # use r.identity, r.payment, r.audit, r.guardian
    pass

The client is a context manager — async with guarantees the underlying httpx connection pool closes cleanly.

For long-lived services that hold a single client for the process lifetime:

import asyncio
from regent import RegentClient
 
class TradingBot:
    def __init__(self):
        self.regent = RegentClient(
            base_url="https://api.regentprotocol.org",
            api_key=os.environ["REGENT_API_KEY"],
        )
 
    async def close(self):
        await self.regent.aclose()

Environment variables

Convention (used by the example Binance agent):

Var	Used for
`REGENT_BASE_URL`	Override the gateway URL — defaults to `https://api.regentprotocol.org`
`REGENT_API_KEY`	Required — your `rgnt_…` API key
`REGENT_ORG_ID`	Your organization UUID — needed for org-scoped endpoints
`REGENT_AGENT_ID`	The agent ID this process represents
`REGENT_MANDATE_ID`	The mandate to authorize against

Org scoping

Some endpoints require an explicit org ID in the path (e.g. GET /v1/organizations/{org_id}/agents). The SDK accepts the org ID as a method argument for those:

agents = await r.identity.list_agents(org_id="dbf24dc8-...")

Your API key must be scoped to the same org, or the request returns 403 NOT_A_MEMBER.

Gateway vs direct service URLs

Production: always use https://api.regentprotocol.org (the platform gateway). The gateway:

Verifies your API key
Enforces org membership
Forwards to the right backend service
Aggregates errors into the standard {code, message, request_id, details} shape

Local development (running docker compose up from regent-protocol):

RegentClient(base_url="http://localhost:8005", api_key="rgnt_local_...")

…still hits the gateway, just on localhost.

You should not bypass the gateway and hit individual services in 8001/8002/8003/8004 — those are internal and don’t enforce auth.

What next

First real call: create an agent under your account.

Registering agents

Installation Authentication