🚀 RealTimeX v1.0.6 is live! Update now →
Agent Authentication

Agent Authentication

Agent Authentication is the RealTimeX control surface for API keys that should be injected into launched agent runtimes automatically.

Open it from Settings > Agents > Agent Authentication.

Use it when RealTimeX needs to start an agent runtime and provide the provider key on your behalf, instead of relying only on shell environment variables.

What this is for

This page is mainly relevant for ACP-backed or CLI-backed agent runtimes such as:

  • Gemini CLI
  • Claude Code
  • Codex CLI
  • Qwen CLI
  • OpenCode
  • RealTimeX Ambient Agent

If the runtime expects a provider API key, this page lets you store that key in RealTimeX so the runtime can receive it automatically at launch.

What this is not

Agent Authentication is easy to confuse with two other features:

  • Agentic CLIs: tracks whether a CLI is installed, reachable, and authenticated on the host
  • Credentials: stores reusable secrets for integrations, tools, and workflows outside the agent-runtime auth path

Use Agent Authentication when the runtime itself needs a provider key.

Use Credentials when an agent or plugin needs to call some other external system.

Use Agentic CLIs when RealTimeX needs to know whether a command-line tool exists and is ready to use.

Agents that authenticate through their own CLI or IDE state instead of API-key injection, such as Antigravity CLI and Cursor Agent, are not mainly configured here.

Current provider profiles

The current UI supports these provider profiles:

  • Gemini CLI: GEMINI_API_KEY
  • Claude Code: ANTHROPIC_API_KEY
  • Codex CLI: OPENAI_API_KEY
  • OpenCode: OPENAI_API_KEY or ANTHROPIC_API_KEY
  • Qwen CLI: QWEN_API_KEY, DASHSCOPE_API_KEY, plus multiple OpenAI-compatible profiles and selected Anthropic, Gemini, and RealTimeX AI keys
  • RealTimeX Ambient Agent: the same broader provider set exposed for Qwen CLI

The exact dropdown options come from the current product build. If RealTimeX adds more runtime providers later, this page may show more choices than this guide lists.

What is not listed here

Antigravity CLI does not currently use Agent Authentication profiles.

In the current product, Antigravity authentication is expected to come from the CLI's own local auth state, typically via:

  • agy
  • the Antigravity IDE

Use Agent Runtime and Agentic CLIs to verify install and readiness for Antigravity instead of expecting an API-key profile on this page.

Cursor Agent does not currently use Agent Authentication profiles either.

In the current product, Cursor authentication is expected to come from Cursor's own authentication flow and local auth state rather than a stored API key on this page.

Use Agent Runtime and CLI Agent Sessions (ACP) to verify discovery, install state, and launch behavior for Cursor instead of expecting an API-key profile here.

How to add a key

  1. Open Settings > Agents > Agent Authentication.
  2. Click Add API Key.
  3. Choose the target runtime profile.
  4. Paste the API key for the environment-variable slot that RealTimeX shows.
  5. Save it.

If the selected provider is already configured, saving again replaces the existing stored key for that provider profile.

What the page shows

The main table focuses on runtime auth state, not general secret storage.

Typical fields include:

  • provider
  • profile or environment-variable slot
  • credential type
  • created time

If no stored keys appear and the page says agents are already authenticated via environment variables, the runtime may already be satisfied from the host environment instead of the in-app store.

When to use this instead of environment variables

Use the in-app page when you want:

  • a clearer runtime-specific auth inventory
  • easier replacement of keys without editing host shell config
  • different stored keys for different runtime profiles

Use environment variables when your deployment already manages those keys outside the app and you do not want RealTimeX to store them directly.

Typical situations

Claude Code or Codex launches but is unauthenticated

If the runtime exists but immediately reports missing provider auth, add or update the matching provider key here.

Ambient Agent needs a provider key

If your ambient runtime path depends on a provider-backed agent configuration, store the matching profile in Agent Authentication instead of assuming Credentials will be used.

Qwen or compatible runtime needs a different provider backend

The current UI supports broader profile mappings for Qwen CLI and RealTimeX Ambient Agent, so make sure you choose the correct provider slot instead of pasting a key into the wrong profile.

Troubleshooting

The runtime still says auth is missing

Check:

  • that you selected the correct runtime profile
  • that the key was saved under the correct environment-variable slot
  • whether the runtime is actually the one your workspace is launching
  • whether a stale environment variable on the host is conflicting with what you expect

I already logged in to the CLI manually

That may be enough for Agentic CLIs, but it does not replace Agent Authentication when the launched runtime expects an injected provider API key.

For runtimes such as Antigravity CLI and Cursor Agent, manual CLI or IDE authentication is the intended path, so not appearing in Agent Authentication can be normal.

I already stored the secret in Credentials

Credentials and Agent Authentication are separate systems. A secret stored in Credentials is not automatically used as a runtime provider key.

Related guides

Agentic CLIsSlash Commands