Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.alterauth.com/llms.txt

Use this file to discover all available pages before exploring further.

This page is the shortest path from “nothing in place” to “app code just hit a real third-party API through Alter Vault.” Demo target: post a Slack message. Total time: under five minutes. No auth code is required. The SDK call shown below is the same call that ships to production.
1

Sign up

Create a free account at portal.alterauth.com.
Alter Vault sign-up screen
2

Create an App

In the portal sidebar pick Apps → New App, name it quickstart, and click Create.
Create App dialog
3

Mint an API key

Open the new app, go to API Keys → Mint key, copy the value, and export it:
export ALTER_API_KEY="alter_key_app_..."
The key is shown once. When the plaintext is lost, mint a new one and revoke the old.
Mint key dialog with one-time secret
For agent workloads, use a per-agent key from the Agents tab instead. See Agents → Keys and rotation.
4

Install the SDK

pip install alter-sdk
5

Connect Slack as the developer

Run this once. It opens a browser, walks through Slack OAuth, and prints the grant_id used in the next step.
import asyncio, os
from alter_sdk import App

async def main():
    vault = App(api_key=os.environ["ALTER_API_KEY"])
    results = await vault.connect(providers=["slack"])
    print("grant_id:", results[0].grant_id)
    await vault.close()

asyncio.run(main())
Slack OAuth consent screen
Save the printed grant_id — set it as SLACK_GRANT_ID in the environment.
6

Send a Slack message

Replace #general with an accessible channel:
import asyncio, os
from alter_sdk import App, HttpMethod

async def main():
    vault = App(api_key=os.environ["ALTER_API_KEY"])
    response = await vault.request(
        HttpMethod.POST,
        "https://slack.com/api/chat.postMessage",
        grant_id=os.environ["SLACK_GRANT_ID"],
        json={"channel": "#general", "text": "Hello from Alter Vault."},
    )
    print(response.status_code, response.json())
    await vault.close()

asyncio.run(main())
Check Slack — the message is there.
Slack channel showing the posted message

What just happened

vault.request() looked up the Slack grant, fetched a fresh token from the vault, signed an HMAC-authenticated call to the Alter backend, injected the token into the outgoing Slack call, and returned the response. Application code never touched a token.

Where next

Production identity (JWT)

Drop grant_id and resolve users from the IDP’s JWT. The recommended path for any app with logged-in users.

Workload identity (Agents)

Give each agent its own key, audit trail, and access set.

Provider directory

50+ OAuth providers ready to wire up the same way Slack was wired.