kt_live_... key is an org-wide management credential and must never ship to a
client. Instead, your backend mints a short-lived, agent-scoped signed token per
authenticated end user, and the widget presents that.
This is the standard “ephemeral client secret” pattern: the long-lived secret
stays on your server; a narrow, expiring token reaches the browser.
The flow
1
Your backend mints a token
After your own auth confirms the user, call the mint endpoint with your
kt_live_... key that has the agents:write scope. You get back a signed
token scoped to one org + agent, with an expires_in value. If the org or
verified end user is over budget, the mint endpoint returns
402 instead of a token.2
The widget uses it
The browser presents the session token to the agent’s consumer adapter
routes - the Managed Agents API the
chat widget speaks, and the OpenAI-compatible
Responses and Chat Completions adapters.
It does not work on the native session routes (
/v1/sessions,
/{org}/{agent}/v1/sessions) - those are your backend’s surface and require a
kt_live_ API key.3
Karta verifies it offline
Karta verifies the token’s signature, scope, and expiry - without a network
round-trip.
Mint response
TTL bounds
If you pass
ttl_seconds, Karta clamps it into that range.
What the token pins
The minted token pinsorg_id, agent_id, agent_slug, scope, and exp.
Because org and agent are pinned, cross-tenant access is blocked: a token
for one agent cannot touch another.
When the widget mints from an embed key with verified identity,
the token also carries sub, the server-verified subject for your signed-in
user. If your server provides a signed step-up identity token, the session token
can also carry recent stepped_up_at / aal claims for sensitive approvals.
Keep the TTL short. A session token is scoped to one org + agent and
expires after a 900-second default. Without verified identity it is not bound
to an individual end user; with verified identity it is bound to the signed
sub.
Mint a fresh token per user session so a leak is contained to that token’s
lifetime.
