Authorization header of every request:
Credential modes
Natural supports four credential modes. They differ in who the request acts as and how agent identity is established:| Mode | Prefix / flow | Acts as |
|---|---|---|
| API key | sk_ntl_… | Your party |
| Agent key | ak_ntl_… | One specific agent, verified |
| User-scoped MCP OAuth | Browser OAuth consent | The authorizing user |
| Agent-scoped MCP OAuth | Browser OAuth consent | Selected or new agent, verified |
- Bound credentials carry verified agent identity. With an agent key or an agent-scoped OAuth grant, the server resolves the agent from the credential itself.
- User-scoped money movement is valid. Dashboard users, user-scoped MCP grants, and party API keys can move money as user/party actions without any agent attribution.
- Agent-attributed money movement requires
X-Instance-ID. See instance attribution.
API keys
API keys are party-scoped credentials in the formatsk_ntl_{environment}_{secret}:
| Prefix | Environment |
|---|---|
sk_ntl_prod_ | Production |
https://api.natural.co.
An API key acts as your party. For new agent integrations, use an agent key or agent-scoped OAuth instead of party-key attribution.
Creating API keys
Create API keys from the Natural Dashboard or viaPOST /api-keys after completing verification. The key secret is shown once — store it immediately.
Each key can be scoped to a subset of permissions. Scope a key down to exactly what the integration needs — for example, a read-only key, or one limited to payments:
Agent keys
Agent keys are credentials bound to exactly one of your agents, in the formatak_ntl_{environment}_{secret}. Requests authenticated with an agent key resolve as that agent, verified by the credential itself.
Creating agent keys
Create agent keys from the dashboard or viaPOST /agent-keys, naming the existing agent it is bound to:
attributes.agentKey exactly once. List and revoke responses only include the non-secret agentKeyPrefix.
Agent key permissions
Agent keys do not take user-selected scopes. They always receive Natural’s server-defined agent credential policy: broad operational capability for the bound agent (payments, payment requests, transfers, wallet reads, customer reads) with hard exclusions that no agent credential can ever hold:- Creating agents
- Creating, listing, or revoking API keys or agent keys
- Team membership and account control
- Party profile/admin changes
- Wallet lifecycle/admin operations
- Vault funds
Rotation
Rotation is overlapping, never atomic: create a replacement key, deploy it, then revoke the old key. Multiple active keys per agent are valid, so a running deployment never loses access mid-rotation. Revoking a key stops it immediately for raw-key requests and new token exchanges; short-lived tokens already minted from it expire within their 15-minute TTL.Instance attribution for agent money movement
Agent-attributed money movement (payments, transfers, payment-request fulfillment) always requires anX-Instance-ID header — a caller-chosen run/session/conversation identifier that answers “which run of the agent did this”. This applies to agent keys, agent-scoped OAuth grants, and legacy party-key attribution. Reads do not require it.
A money-movement request from an agent-bound credential without X-Instance-ID is rejected with 400 missing_instance_id:
X-Instance-ID.
MCP OAuth
The MCP connector authenticates AI hosts with browser OAuth. During consent you choose the grant subject:- As me (user-scoped) — tool calls act as you, with your party permissions. This is the default, and existing grants stay user-scoped until you reconnect and choose otherwise.
- As an agent (agent-scoped) — choose New agent to create an agent during OAuth approval, or select one of your existing agents. Tool calls act as that agent with the clamped agent credential policy. Agent-scoped grants cannot create agents or manage keys after authorization.
Checking your identity
GET /whoami returns the resolved subject for any credential: actor type, party, agent ID and how it was established (credential, oauth_grant, or header), credential kind, and key/grant IDs. Use it to verify which mode a credential resolves to.
Security
- Store keys in a dedicated secret management system. Never commit them to source control. Both
sk_ntl_andak_ntl_prefixes should be treated as secrets by your scanners. - Rotate keys periodically. You can have multiple active keys to enable zero-downtime rotation.
- Revoke compromised keys immediately via the dashboard,
DELETE /api-keys/{keyId}, orDELETE /agent-keys/{keyId}. - All requests require HTTPS.
Related
- Agents — The agent model, instances, and audit trail
- MCP — Connect Claude, Cursor, and other AI hosts to Natural
- API Reference — Create, list, and revoke keys
- Error Handling — Authentication error codes