Auth for Agents

Agents should use the same auth posture as production backends, not the browser-demo posture used by the docs UI.

Recommended setup

• Store FastNear credentials in env vars or a secret manager.
• Inject them from the agent runtime or a thin backend proxy.
• Keep audit logs and rate-limit visibility on the server side.
• Rotate credentials if they leak into prompts, logs, or debugging traces.

Avoid this

• Do not lift a key out of browser localStorage and call that an agent credential.
• Do not ask users to paste their FastNear API key into a shared chat or prompt.
• Do not embed keys into client-side agent apps.

Related guides

• Auth & Access
• Production Backend