Skip to content
Alter Docs

Admin

Setting Up an App

Create an app, configure providers, mint API keys.

An app is the unit that owns API keys, provider configuration, and grants. Most products have one app per environment (production, staging). This page covers the operator setup from zero to “the SDK can make calls.”

Creating the app

Section titled “Creating the app”

In the developer portal at portal.alterauth.com: Apps → New App. Pick a name and click Create.

For a multi-environment setup, create a separate app per environment (product-prod, product-staging). Each app has its own keys, grants, and provider configuration — no chance of a staging credential reaching production.

Configuring providers

Section titled “Configuring providers”

Two kinds of providers, configured on different portal pages.

OAuth providers

Section titled “OAuth providers”

For credentials end users authorize themselves (Google, Slack, GitHub, …):

  1. Open the app → OAuth Providers → Add Provider.
  2. Pick the provider from the catalog (or Custom OAuth for anything not listed).
  3. Follow the per-provider instructions to register an OAuth client at the provider and paste back the Client ID and Client Secret.
  4. Add Alter’s redirect URI (shown in the portal) to the provider’s allowed callback list.
  5. Pick the default scope set.

Full catalog: OAuth providers reference.

Managed-secret providers

Section titled “Managed-secret providers”

For credentials the operator owns (Datadog API key, AWS access key, …):

  1. Open the app → Managed Secrets → Add Secret.
  2. Pick the provider from the catalog (or Custom for any header-based credential).
  3. Paste the credential. It’s encrypted and sent to the vault; the portal will not display it again.
  4. Issue at least one grant binding the credential to a principal.

Full catalog: Managed secret providers reference.

Configuring the identity provider

Section titled “Configuring the identity provider”

If the app has logged-in end users, wire an identity provider so the SDK can resolve users from their JWTs. Skip this step for backend-only apps and operator scripts.

Minting an API key

Section titled “Minting an API key”

API Keys → Mint key. The plaintext (alter_rk_…) is shown once — copy it into a secret manager and revoke if it’s ever lost.

See API keys for rotation, per-agent keys, and scoped derivation.

Verifying

Section titled “Verifying”

Run the Quickstart Slack flow against the new app, or run any of the guides. If the first call returns a 2xx response from the provider, setup is complete.

What’s next

Section titled “What’s next”
Identity provider

Auth0, Clerk, Okta, custom OIDC.

 API keys

Minting, rotation, agent keys.

 Wallet

What end users see.