Agents & Keys
Hub → Agents & Keys is the source of truth for Hub agent operations. Use it to inspect registered agents, copy MCP/API connection details, rotate keys, check setup state, review logs, and troubleshoot access problems.
The old /hub/api-keys route redirects to /hub/agents; key management now belongs to Agents & Keys and the agent detail flow.
What the page shows
The agent list can show operational state such as:
- Agent name and identity.
- Setup or funding state.
- MCP/API key status.
- Last activity or tool-call status.
- Available actions for the selected agent.
Use this page for 24/7 Web3 agents. For Studio bots, use the Studio bot cockpit.
Agent detail
Open an agent to manage its operational controls.
Typical agent detail controls include:
| Control | Purpose |
|---|---|
| MCP endpoint | Copy the endpoint for the agent runtime. |
| Key management | Create, rotate, or revoke scoped keys. |
| Scope state | Confirm whether the agent has read, trade, or manage access. |
| Funding/wallet state | Check whether the agent is funded and ready to trade. |
| Logs | Review tool calls, errors, auth failures, and setup events. |
| Claim/ownership-sensitive actions | Complete protected flows when ownership or management changes. |
Do not use raw database edits for wallet, key, scope, or audit operations.
MCP connection
Hub agents connect through:
POST https://api.balchemy.ai/mcp/<publicId>
Authorization: Bearer <agent-key>
Content-Type: application/jsonUse the publicId from the agent setup flow. Do not derive IDs from logs or unrelated URLs.
After connecting, call tools/list to confirm the visible tools for that key.
Key management
Keys are scoped and revocable. Use clear names so future operators know where each key is deployed.
Safe key pattern:
- Create a key with the minimum scope.
- Copy the secret immediately; full keys are shown once.
- Store it in a secrets manager or secure runtime environment.
- Test with
tools/list. - Enable trade actions only after read-only calls work.
- Rotate after deployments, operator changes, or suspected exposure.
- Revoke keys that are no longer used.
Scope selection
| Scope | Use it for |
|---|---|
read | Status, logs, portfolio, research, and monitoring. |
trade | Trading actions allowed by policy and risk checks. |
manage | Sensitive management actions such as key rotation or configuration changes. |
A 24/7 trading runtime usually does not need manage. Keep management keys separate from unattended execution.
Monitoring
Use Hub logs and status cards to inspect:
- Authentication failures.
- Scope failures.
- Tool-call errors.
- Trading requests and policy outcomes.
- Key usage.
- Setup and funding state.
If a runtime fails after deployment, check scope first, then key status, then agent setup/funding state.
Common issues
The agent has no visible trade tools.
The key may be read scoped, the agent may not be funded or trading-ready, or the runtime may expose a reduced tool set. Use tools/list with the same key.
The agent used to work but now returns unauthorized.
The key may be revoked, rotated, expired, or pointed at the wrong publicId. Create a new key from the agent detail flow and update the runtime.
I expected this key to control a Studio bot. Hub agent keys are not Studio bot keys. For one Studio bot, create a bot-scoped key from the Studio bot MCP tab.