Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.alterauth.com/llms.txt

Use this file to discover all available pages before exploring further.

An app is the unit that owns API keys, provider configuration, and grants. Most products have one app per environment (production, staging). This page covers the operator setup from zero to “the SDK can make calls.”

Creating the app

In the developer portal at portal.alterauth.com: Apps → New App. Pick a name and click Create. For a multi-environment setup, create a separate app per environment (product-prod, product-staging). Each app has its own keys, grants, and provider configuration — no chance of a staging credential reaching production.

Configuring providers

Two kinds of providers, configured on different portal pages.

OAuth providers

For credentials end users authorize themselves (Google, Slack, GitHub, …):
  1. Open the app → OAuth Providers → Add Provider.
  2. Pick the provider from the catalog (or Custom OAuth for anything not listed).
  3. Follow the per-provider instructions to register an OAuth client at the provider and paste back the Client ID and Client Secret.
  4. Add Alter’s redirect URI (shown in the portal) to the provider’s allowed callback list.
  5. Pick the default scope set.
Full catalog: OAuth providers reference.

Managed-secret providers

For credentials the operator owns (Datadog API key, AWS access key, …):
  1. Open the app → Managed Secrets → Add Secret.
  2. Pick the provider from the catalog (or Custom for any header-based credential).
  3. Paste the credential. It’s encrypted and sent to the vault; the portal will not display it again.
  4. Issue at least one grant binding the credential to a principal.
Full catalog: Managed secret providers reference.

Configuring the identity provider

If the app has logged-in end users, wire an identity provider so the SDK can resolve users from their JWTs. Skip this step for backend-only apps and operator scripts.

Minting an API key

API Keys → Mint key. The plaintext (alter_key_app_…) is shown once — copy it into a secret manager and revoke if it’s ever lost. See API keys for rotation, per-agent keys, and scoped derivation.

Verifying

Run the Quickstart Slack flow against the new app, or run any of the guides. If the first call returns a 2xx response from the provider, setup is complete.

What’s next

Identity provider

Auth0, Clerk, Okta, custom OIDC.

API keys

Minting, rotation, agent keys.

Wallet

What end users see.