Authentication

Create a token

1. Sign in at renai.build.
2. Open Settings → Personal access tokens.
3. Click Create token, name it (e.g. “local dev”, “production deploy”), and select the scopes it should have.
4. Copy the token. It is shown once. If you lose it, revoke it and create a new one.

Tokens are prefixed with ren_pat_ so you can recognise them in logs and environment files.

Use a token with the SDK

Pass the token to createRenClient via the pat() auth strategy:

import { createRenClient, pat } from "@renai-labs/sdk"

const client = createRenClient({
  baseUrl: "https://api.renai.build",
  auth: pat(process.env.REN_PAT_TOKEN!),
})

Raw HTTP

Send in Authorization header:

curl https://api.renai.build/api/pods \
  -H "Authorization: Bearer $REN_PAT_TOKEN"

Scopes

Scopes follow <resource>.<action> (e.g. agents.read, agents.write). Grant the narrowest scopes needed.

Rotating tokens

Revoke tokens from the same settings page. Revocation takes effect immediately — in-flight requests with the revoked token will begin returning 401 Unauthorized.

Caution

Never commit PATs to source control. Store them in your secret manager (1Password, Doppler, AWS Secrets Manager, GitHub Actions secrets) and inject them as environment variables at runtime.

Next steps

• Personal access tokens — the token resource in detail, including managing tokens via the API.
• Custom auth strategies — advanced: plug your own header or signing logic into the SDK.