Skip to main content
Backed by Combinator

The auth layer
for AI agents.

Let your AI agents securely access any API — Alter Vault handles OAuth tokens, API keys, fine-grained policies, and audit logging so you don't have to.

Early Access Docs
gnt_7x92k
Incoming Request
A
sales-agent
agent: ai_agent
GET api.github.com/user/repos
Policy Evaluation
Identity verified
Scope check: repo:read
Rate limit: 847 / 1,000
Token refreshed (3m ago)
Authorization Result
APPROVED
Injected Headers
Authorization: Bearer ghp_••••••••k4m2
X-Alter-Grant: gnt_7x92k
Audit Log
action: token.proxy
agent: sales-agent
target: github.com
status: 200 OK
latency: 142ms
SOC 2 Compliant
100+ Integrations
Zero-Trust Architecture
How it works

Alter authenticates, authorizes, and logs every request

One SDK call replaces weeks of auth infrastructure. Works with every major agent framework and 100+ providers.

Agent reads calendar with authorized scope
scheduling-agentGETgoogleapis.com/calendar/v3/events
EVALUATING…
END USERS
Authorize via Connect
OAuth consent
YOUR INTEGRATIONS
MCP ServersAI AgentsChatbotsApps
SDK request
Alter Vault
Connect
Vault
Policy
Audit
Token + API call
EXTERNAL SERVICES
GoogleGoogle
SlackSlack
GitHubGitHub
SalesforceSalesforce
NotionNotion
LinearLinear
OAuth + API keys
Event Log
1User authorized Google Calendar via Connect widget
2Scheduling agent requests calendar access via SDK
3Identity verified · Policy: scope=calendar.readonly · APPROVED
4Token decrypted · GET googleapis.com/calendar/v3 · 200 OK
5Logged: scheduling-agent → calendar.readonly → APPROVED
See it in action

Your agent asks. Alter decides.

Define what each agent can and can't do. Alter enforces it on every request, automatically.

AI Agent
Agent

Fix the rate limit bug in production. Check Datadog for the errors and push the fix to GitHub.

S

On it. I'll need access to three services:

FIX-847 sarah@acme.org 2m ago
Running
Alter Vault
ALTER VAULT
Request
datadog:logs:read
"Fetch error logs from Datadog"
Identity
Organization
Acme Corp
Organization
End User
sarah@acme.org
Okta SSO
Agent
claude-code
AI Agent
Task
fix rate limit bug
Runtime
PolicyWhen fixing bugs: allow logs:read
Access Granted
Scope
datadog/logs / logs:read
Context
Sarah → Claude → FIX-847
Expires
task completion

Ready to try it?

Get early access Read the Docs
Inside the vault

From identity to audit trail

Enterprise-grade security from day one. Every component is auditable and configurable.

Every request, fully attributed

Before anything happens, the vault resolves the full chain — organization, app, user, and actor. Every API call is traceable back to a real human, even when an AI agent makes it.

Complete chain of custody for every API call.

Organization, app, end user, and agent identified on every request
Know which agent is acting on behalf of which end user
Register each agent once — track individual runs automatically
Full delegation chain — trace any action back to its source
Identity Resolution
Organization
Acme Corp
Workspace with 12 developers
App
Acme Scheduler
3 providers configured
End User
sarah@acme.dev
Linked via identity provider
Agent
scheduling-bot
AI Agent · LangChain framework
TRACEDAcme Corp → Acme Scheduler → sarah@ → scheduling-bot · 1.8ms
Tools & interfaces

Built for developers and end users

Everything developers need to ship integrations — an embeddable OAuth widget, dual SDKs,
a developer dashboard, plus a portal where end users manage their own connections.

Agents call APIs through the vault

When an AI agent needs to call an external API, it sends the request through Alter Vault — specifying the connection and the scope it needs.

Python & TypeScript parity — zero token exposure.

One line of code — specify the connection and scope
Python and TypeScript SDKs with identical interfaces
SDK handles signing automatically
Read the SDK docs
vault.request()
from alter_sdk import AlterVault, ActorType, HttpMethod
 
vault = AlterVault(
    api_key="alter_key_...",
    actor_type=ActorType.AI_AGENT,
    actor_identifier="my-agent",
)
 
# Make API request (token injected automatically)
response = await vault.request(
    "gnt_7x92k",
    HttpMethod.GET,
    "https://api.github.com/user/repos",
    query_params={"sort": "updated", "per_page": "5"},
)
 
repos = response.json()
Integrations

100+ integrations

Connect to every major SaaS platform. New providers added weekly.

Google Google
Zoom Zoom
Slack Slack
GitHub GitHub
Salesforce Salesforce
HubSpot HubSpot
Linear Linear
Notion Notion
Dropbox Dropbox
Discord Discord
Stripe Stripe
Figma Figma
Asana Asana
Airtable Airtable
Atlassian Atlassian
Sentry Sentry
Jira Jira
GitLab GitLab
Spotify Spotify
PayPal PayPal
Zendesk Zendesk
Miro Miro
Canva Canva
Reddit Reddit
X X
Instagram Instagram
Pinterest Pinterest
Mailchimp Mailchimp
QuickBooks QuickBooks
Square Square
Shopify Shopify
ClickUp ClickUp

Ready to secure your agents?

Get started for free — no credit card required.

Early Access Read the Docs