API Keys & Authentication

TeamDay uses three types of credentials:

  1. Personal Access Tokens (PATs) — for API calls and CLI automation
  2. OAuth tokens — for web app and CLI interactive login
  3. Claude API credentials — for powering agent execution

Personal Access Tokens (PATs)

PATs authenticate API requests and CLI commands. They're tied to your user account and organization.

Create a PAT

  1. Go to Settings in the TeamDay web app
  2. Navigate to API Keys or Integrations
  3. Click Create Personal Access Token
  4. Copy the token immediately — it's shown only once

Tokens start with td_ prefix.

Use with the API

curl -X GET "https://us.teamday.ai/api/v1/agents" \
  -H "Authorization: Bearer td_your_token_here" \
  -H "Content-Type: application/json"

Use with the CLI

# Set directly
teamday auth set-key "td_your_token_here"

# Or via environment variable (for CI/CD)
export TEAMDAY_API_TOKEN="td_your_token_here"

Token Security

  • Store tokens in a password manager or environment variable
  • Never commit tokens to Git
  • Rotate tokens periodically
  • Revoke tokens you no longer need

OAuth Login

OAuth provides interactive browser-based authentication with automatic token management.

CLI OAuth

teamday auth login

What happens:

  1. CLI generates a secure authorization code
  2. Opens your browser to the TeamDay login page
  3. You click Authorize CLI
  4. Tokens are saved automatically to ~/.teamday/

Check Status

teamday auth status

Authenticated

Method: oauth
User ID: abc123xyz
Organization: org_456def
Expires: in 12 minutes

Refresh Tokens

OAuth tokens expire after 15 minutes. Refresh manually:

teamday auth refresh

Refresh tokens last 90 days. After that, run teamday auth login again.

Logout

teamday auth logout

Claude API Credentials

TeamDay agents are powered by Claude (and optionally Gemini/OpenAI). By default, TeamDay provides Claude API access through the platform.

You can bring your own credentials for direct billing or higher rate limits.

6-Tier Priority System

TeamDay selects credentials in priority order:

PriorityTierDescription
1user-oauthYour personal Claude subscription OAuth token
2user-apiYour personal Anthropic API key
3org-oauthOrganization-shared OAuth token
4org-apiOrganization-shared API key
5server-oauthTeamDay platform token
6server-apiTeamDay platform API key

If a tier's token is suspended or has insufficient credits, TeamDay automatically falls through to the next available tier.

Check Credential Status

teamday keys status

Claude Credential Status

User-level:
  OAuth Token:  configured
  API Key:      not set

Organization-level:
  Org: abc123
  OAuth Token:  not set
  API Key:      not set

Active Tier:
  user-oauth

Priority: user-oauth > user-api > org-oauth > org-api > server

Set Credentials

# Your Claude subscription OAuth token (from claude.ai)
teamday keys set oauth sk-ant-oat01-your-token-here

# Your Anthropic API key
teamday keys set api-key sk-ant-api03-your-key-here

# Organization-level credentials
teamday keys set org-oauth sk-ant-oat01-org-token --org <orgId>
teamday keys set org-api-key sk-ant-api03-org-key --org <orgId>

Remove Credentials

teamday keys remove oauth
teamday keys remove api-key
teamday keys remove org-oauth --org <orgId>

Where to Get Claude Credentials

TypeSource
OAuth tokenclaude.ai subscription → Settings → API
API keyconsole.anthropic.com → API Keys

API Endpoints

All API endpoints use the base URL https://us.teamday.ai/api/v1/.

Agents

MethodEndpointDescription
GET/agentsList agents
POST/agentsCreate agent
GET/agents/:idGet agent details
PATCH/agents/:idUpdate agent
DELETE/agents/:idDelete (archive) agent
POST/agents/:id/executeExecute agent with a message

Characters

MethodEndpointDescription
POST/charactersCreate character
PATCH/characters/:idUpdate character

Spaces

MethodEndpointDescription
GET/spacesList spaces
POST/spacesCreate space
GET/spaces/:idGet space details
PATCH/spaces/:idUpdate space (add/remove resources)
POST/spaces/:id/secretsStore secrets
DELETE/spaces/:id/secretsRemove secrets

Missions

MethodEndpointDescription
POST/missionsCreate mission
PATCH/missions/:idUpdate mission

MCPs

MethodEndpointDescription
GET/mcpsList MCP instances
POST/mcpsCreate MCP instance
GET/mcps/:idGet MCP details
PATCH/mcps/:idUpdate MCP

Skills

MethodEndpointDescription
POST/skillsCreate skill

Profile

MethodEndpointDescription
PUT/profile/api-keySet Claude API key
PUT/profile/oauth-tokenSet Claude OAuth token

CI/CD Integration

GitHub Actions

jobs:
  run-agent:
    runs-on: ubuntu-latest
    env:
      TEAMDAY_API_TOKEN: ${{ secrets.TEAMDAY_TOKEN }}
      TEAMDAY_API_URL: https://us.teamday.ai
    steps:
      - name: Install TeamDay CLI
        run: |
          git clone https://github.com/TeamDay-AI/teamday.git /tmp/teamday
          cd /tmp/teamday/packages/cli && bun install && bun link

      - name: Run agent
        run: |
          teamday agents exec ${{ vars.AGENT_ID }} \
            "Generate the daily report" --no-stream

Direct API Call (No CLI)

      - name: Run agent via API
        run: |
          curl -X POST "https://us.teamday.ai/api/v1/agents/$AGENT_ID/execute" \
            -H "Authorization: Bearer $TEAMDAY_API_TOKEN" \
            -H "Content-Type: application/json" \
            -d '{"message": "Generate the daily report"}'

Troubleshooting

401 Unauthorized

teamday auth status     # Check if authenticated
teamday auth refresh    # Refresh expired token
teamday auth login      # Re-authenticate

501 Agent Execution Error

Usually means no Claude API credential is configured:

teamday keys status                              # Check what's configured
teamday keys set oauth sk-ant-oat01-your-token   # Set your Claude token

Rate Limiting

If you hit rate limits, you'll receive a 429 response. Wait and retry, or configure your own Claude API credentials for higher limits.

Next Steps