Skip to Content
ConceptsAgents

Agents

An agent is a non-human actor registered under your organization. Agents represent the AI systems, bots, or automated workflows that call the Relynt gateway before performing write actions.

Key concepts

Agent identity

Each agent has a unique agent_id assigned at registration. This ID appears in:

  • Gateway requests (for authentication)
  • Policy evaluation (for agent-specific rules)
  • Receipts (for audit trails)
  • Approval messages (so reviewers know which agent is acting)

Instance ID

Each execution run of an agent should use a unique instance_id. This allows Relynt to:

  • Correlate multiple actions within a single agent run
  • Distinguish between different executions of the same agent
  • Provide run-level filtering in the receipts dashboard

Agent credentials

Agents authenticate to the Relynt gateway using bearer credentials. A credential is a secret string that the agent includes in the Authorization header.

How credentials work

  1. You rotate a credential from the agent’s Integration tab in the dashboard
  2. The plaintext secret is shown exactly once — copy it immediately
  3. Relynt stores only a hashed version of the credential
  4. The agent sends the credential as Authorization: Bearer <agent_id>:<secret>

Credentials cannot be retrieved after rotation. If lost, rotate again — the previous credential is automatically revoked.

Credential security

  • Credentials are stored hashed — Relynt never stores the plaintext
  • Each rotation revokes the previous credential
  • Credentials are scoped to a single agent within an organization
  • Never log or expose the Authorization header in your agent’s output

Registering an agent

  1. Navigate to Agents in the dashboard
  2. Click Register Agent
  3. Provide a name and optional description
  4. The agent is created with a unique agent_id
  5. Navigate to the Integration tab to rotate a credential

Best practices

  • One agent per system — register separate agents for separate automated systems (e.g., one for your CRM bot, another for your support agent)
  • Descriptive names — use names like crm-deal-updater or support-ticket-closer to identify agents in receipts and approvals
  • Rotate regularly — rotate credentials periodically or after any suspected exposure
  • Unique instance IDs — use a UUID or timestamp-based ID per run to enable run-level auditing
Last updated on
QuickstartPolicies