Agents
Agents Auth
Agent workflows should authenticate to NativeForm from trusted server environments only. Keep API keys private and treat every agent call as a privileged backend integration.
Key Management
Manage keys centrally, as described in the API key documentation. Follow these practices for agent environments.
Separate keys per environment
Create separate keys for development, staging, and production to isolate blast radius.
Use a secret manager
Store keys in your runtime secret manager (e.g. Vercel env vars, AWS Secrets Manager), never in repository files.
Rotate on ownership changes
Rotate keys whenever team ownership changes or unexpected usage is detected.
Name keys by integration
Use integration-specific key names so revocation targets a single workflow, not all of them.
Server Pattern
Put a thin server endpoint between agent clients and NativeForm so secrets never leave your infrastructure.
/api/agent/nativeform
Client → your server
Agent or browser sends the form payload to your backend route. No API key in the request.
Your server → NativeForm
Your backend injects the API key from environment variables and forwards the request to NativeForm.
Next.js proxy example
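A sketch of the proxy route described above, added here as an example and not NativeForm's own code. The upstream URL is a placeholder, and the environment variable name `NATIVEFORM_API_KEY`, the JSON payload and the exact key character set are assumptions.

```javascript
// Added example, not NativeForm's own code. NATIVEFORM_URL is a placeholder
// (assumption): take the real endpoint from the NativeForm API reference.
const NATIVEFORM_URL = "https://nativeform.example/placeholder";
// nfk_<prefix>_<secret>; the allowed characters are an assumption.
const KEY_FORMAT = /^nfk_[^_\s]+_\S+$/;

// Read the key from the server environment and fail closed when it is missing,
// empty or malformed (an empty variable can shadow the real secret).
function loadApiKey(env) {
  const key = (env.NATIVEFORM_API_KEY || "").trim(); // variable name is an assumption
  if (!KEY_FORMAT.test(key)) {
    throw new Error("NATIVEFORM_API_KEY is missing, empty or malformed");
  }
  return key;
}

// Build the server-to-NativeForm request. Only the payload comes from the
// client; headers are set here, so a client-supplied key header is never forwarded.
function buildUpstreamRequest(payload, env) {
  return {
    url: NATIVEFORM_URL,
    init: {
      method: "POST",
      headers: {
        "content-type": "application/json",
        "x-nativeform-api-key": loadApiKey(env),
      },
      body: JSON.stringify(payload),
    },
  };
}

// Route handler: in app/api/agent/nativeform/route.js, export this as POST.
async function POST(request) {
  let payload;
  try {
    payload = await request.json(); // assumes the client sends JSON
  } catch {
    return Response.json({ error: "invalid JSON body" }, { status: 400 });
  }
  let upstream;
  try {
    upstream = buildUpstreamRequest(payload, process.env);
  } catch (err) {
    console.error(err.message); // logs the reason, never the key value
    return Response.json({ error: "proxy misconfigured" }, { status: 500 });
  }
  const res = await fetch(upstream.url, upstream.init);
  // Relay status and body only; upstream headers are not copied to the client.
  return new Response(await res.text(), { status: res.status });
}
```

The route still needs your own caller authentication and rate limiting, since anyone who can reach it acts with the key's privileges.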
Required Headers
Every authenticated request must include this header.
Required header
x-nativeform-api-key: nfk_xxxxxx_secret
x-nativeform-api-key (string, Required)
Your account-level API key. Follows the format nfk_<prefix>_<secret>. Keys are shown once at creation time.
Troubleshooting
Common authentication issues in agent environments.
Verify the key header is set on the server request and the key has not been revoked. Check for typos in the header name.
Confirm production secret values are present and not shadowed by empty environment variables. Check your deployment platform's env config.
Check if multiple workers are using stale key caches after a key rotation. Restart workers or clear caches after rotating.