Skip to main content

Overview

AgentPowers uses Clerk for authentication. All authenticated API requests require a Bearer token in the Authorization header.

API Authentication

Include a Bearer token in the Authorization header: 
curl -H "Authorization: Bearer YOUR_TOKEN" \
  https://api.agentpowers.ai/v1/purchases

CLI Authentication

The CLI handles authentication automatically: 
ap login
This opens your browser for OAuth sign-in via Clerk. After authenticating, the CLI stores a long-lived token locally with restricted file permissions. 
ap whoami    # Check current session
ap logout    # Clear stored token

CLI Token Lifecycle

StepWhat happens
ap loginBrowser OAuth via Clerk, long-lived token stored locally
API callsCLI sends token automatically on every request
ap logoutToken revoked server-side, local credentials deleted
Token expiryAfter 90 days, re-run ap login to get a new token
New loginCreating a new token automatically revokes the previous one

Plugin Authentication

The MCP plugin shares the same auth token stored by the CLI. Log in once with the CLI and the plugin picks it up automatically.

Public vs Authenticated Endpoints

EndpointAuth Required
GET /v1/skillsNo
GET /v1/skills/{slug}No
GET /v1/searchNo
GET /v1/categoriesNo
GET /v1/detail/{slug}No
GET /v1/skills/{slug}/download (free)No
GET /v1/skills/{slug}/download (paid)Yes
POST /v1/skillsYes
POST /v1/checkoutYes
GET /v1/purchasesYes
GET /v1/purchases/confirmYes
POST /v1/installationsOptional (anonymous external installs are silently ignored)
POST /v1/skills/{slug}/reviewsYes
GET /v1/skills/{slug}/reviewsNo
GET /v1/users/profileYes
PATCH /v1/users/profileYes
GET /v1/sellers/statusYes
POST /v1/sellers/connectYes
GET /v1/sellers/earningsYes
GET /v1/sellers/skillsYes
GET /v1/sellers/salesYes
GET /v1/sellers/revenueYes
GET /v1/sellers/revenue/breakdownYes
GET /v1/sellers/activityYes
GET /v1/sellers/{slug}No
GET /v1/sellers/{slug}/skillsNo

Rate Limits

TierLimit
Public reads60 requests/minute
Authenticated reads10 requests/minute
Write operations20 requests/minute
Rate limits are per IP address for all requests. Exceeding the limit returns 429 Too Many Requests.

Need Help?

Email Support

Reach us at [email protected] for account issues, billing questions, or technical help.

Discord Community

Join the AgentPowers Discord to get help from the team and other creators in real time.