AgentWeb Auth, Scopes, And Rate Limits
AgentWeb uses scoped design-partner access for authenticated workflow execution. Public discovery documents are available without an API key. Execution APIs require an AgentWeb API key issued after workflow mapping.
Authentication
Authenticated runtime calls use a bearer token:
Authorization: Bearer aw_YOUR_KEY
API keys are created for approved design partners and scoped to specific workflow families. The key is not a generic account password and should not be embedded in public client-side code.
Scopes
- read: public page reading and discovery helpers.
- discover: learned domain and workflow context.
- execute:workflow_id: execute one approved workflow map.
- logs:workflow_id: view execution and verification logs for one workflow.
Rate Limits
Rate limits are intentionally conservative until a design partner workflow is scoped. Production limits are set per partner, workflow, and runtime tier after the benchmark.
| Access | Default Limit | Notes |
|---|---|---|
| Public read/discovery | Free-tier hourly limit | Used for discovery and evaluation. |
| Design partner execution | Partner-specific | Set after workflow mapping and benchmark. |
| Production runtime | Contract-specific | Includes monitoring, logs, and reliability targets. |
Expected Rate-Limit Headers
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 99
Retry-After: 3600
Error Shape
{
  "error": {
    "code": "workflow_not_mapped",
    "message": "This workflow is not mapped for the provided API key.",
    "workflow_id": "supplier_discovery",
    "retryable": false
  }
}
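One way a client could act on the rate-limit headers and error shape above, shown as an added example and not AgentWeb's own code. The environment variable name `AGENTWEB_API_KEY`, the function names, reading `Retry-After` as a number of seconds, and pausing when `X-RateLimit-Remaining` reaches 0 are assumptions.

```python
import json
import os


def auth_headers(env=None):
    """Bearer header built from AGENTWEB_API_KEY (assumed variable name)."""
    key = (os.environ if env is None else env).get("AGENTWEB_API_KEY", "")
    if not key.startswith("aw_") or key == "aw_YOUR_KEY":
        raise ValueError("AGENTWEB_API_KEY is unset or still the placeholder")
    return {"Authorization": "Bearer " + key}


def _delay(h, max_wait):
    """Retry-After in seconds, clamped to 1..max_wait; non-numeric -> max_wait."""
    raw = h.get("retry-after", "")
    if raw.isdecimal() and len(raw) <= 9:
        return max(1, min(int(raw), max_wait))
    return max_wait


def classify(headers, body_text, max_wait=3600):
    """Decide what to do after one response: ok / retry / stop, plus a wait."""
    h = {k.lower(): str(v).strip() for k, v in headers.items()}
    try:
        body = json.loads(body_text) if body_text else {}
    except ValueError:
        return {"ok": False, "retry": False, "wait": 0, "reason": "bad_body"}
    err = body.get("error") if isinstance(body, dict) else None
    if isinstance(err, dict):
        # Retry only on an explicit boolean true; a missing flag or the
        # string "true" is treated as non-retryable.
        retry = err.get("retryable") is True
        return {"ok": False, "retry": retry,
                "wait": _delay(h, max_wait) if retry else 0,
                "reason": str(err.get("code", "unknown"))}
    # Success: pause before the next call only if the quota is used up.
    spent = h.get("x-ratelimit-remaining") == "0"
    return {"ok": True, "retry": False,
            "wait": _delay(h, max_wait) if spent else 0, "reason": ""}


# Constructed sample: the error body shown under "Error Shape".
SAMPLE = ('{"error": {"code": "workflow_not_mapped", "message": "This workflow '
          'is not mapped for the provided API key.", "workflow_id": '
          '"supplier_discovery", "retryable": false}}')

if __name__ == "__main__":
    print(classify({"Retry-After": "3600"}, SAMPLE))
```

Reading the key from the environment keeps it out of source files and client bundles, and the clamp on `Retry-After` stops a malformed or oversized value from stalling the caller indefinitely.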
Data Retention
AgentWeb prefers retaining workflow structure, endpoint shape, verification logic, latency, completion, and failure metrics. Sensitive customer payloads are redacted or not stored unless explicitly approved.