ArgentOSDocs

Auth Profiles

Manage multiple API keys and subscriptions with automatic failover.

Overview

Auth profiles let you configure multiple API keys, subscriptions, and provider accounts. ArgentOS automatically rotates between profiles when one hits rate limits or quota caps, ensuring your agent stays online.

How Auth Profiles Work

Each profile is a named entry with a provider, authentication credentials, and optional metadata:

{
  "anthropic:titanium": {
    "provider": "anthropic",
    "type": "setup-token",
    "token": "sk-ant-oat01-...",
    "label": "Titanium Computing Max Sub"
  },
  "anthropic:webdevtoday": {
    "provider": "anthropic",
    "type": "setup-token",
    "token": "sk-ant-oat01-...",
    "label": "WebDevToday Max Sub"
  },
  "minimax:coding-plan": {
    "provider": "minimax",
    "type": "api-key",
    "token": "sk-cp-...",
    "label": "MiniMax Coding Plan"
  }
}

Profile Location

~/.argentos/agents/main/agent/auth-profiles.json

Auth Types

Setup Tokens

Generated from Anthropic Max subscriptions via claude setup-token. These bill against the subscription's weekly quota.

claude setup-token
# Generates: sk-ant-oat01-...

API Keys

Standard per-token API keys. These bill per token used and support prompt caching.

sk-ant-api03-...

Provider-Specific Keys

Each provider has its own key format:

  • MiniMax: sk-cp-... (Coding Plan keys)
  • Z.AI: Provider-specific API key
  • OpenRouter: sk-or-...

Auth Resolution Priority

When the agent makes an API call:

  1. Auth profiles are checked first (setup tokens from Max subscriptions)
  2. Environment variables are the fallback (ANTHROPIC_API_KEY, etc.)

This means auth profiles take precedence over any API keys set in your environment.

Adding Profiles

Via CLI

argent setup

The setup wizard walks through adding new profiles.

Manual

Edit auth-profiles.json directly and add a new entry following the format above.

Rotation and Cooldown

When a profile hits a rate limit or quota cap:

  1. The profile enters a cooldown period (exponential backoff)
  2. The next profile for the same provider is tried
  3. If all profiles for a provider are in cooldown, the model router tries alternative providers

See Failover for details on the rotation algorithm.

Security

  • Auth profiles are stored locally and never transmitted
  • Tokens are written to a file readable only by the current user
  • Do not commit auth-profiles.json to version control

Providers

Supported model providers — Anthropic, Ollama, MiniMax, Z.AI, and OpenRouter.

Model Failover

Automatic failover with exponential backoff, cooldowns, and profile rotation.

On this page

OverviewHow Auth Profiles WorkProfile LocationAuth TypesSetup TokensAPI KeysProvider-Specific KeysAuth Resolution PriorityAdding ProfilesVia CLIManualRotation and CooldownSecurity