Agent Management

API configuration

Each AI provider has its own authentication convention. This page lists the exact values to enter into the four credential fields — Header Name, Auth Scheme, Version Header, and Version — for the most common providers.

These settings live in your agent's Settings tab under Endpoint Credentials. You can update them at any time without re-entering your API key.

Field reference

FieldWhat it controls
Header NameThe HTTP header that carries your API key (e.g. Authorization, x-api-key).
Auth SchemeThe prefix that goes before the key value (e.g. Bearer). Leave blank to send the key with no prefix.
Version HeaderThe HTTP header for a required API version string. Only needed for providers that mandate a version declaration (e.g. Anthropic).
VersionThe value sent in the Version Header (e.g. 2023-06-01). Leave both Version Header and Version blank if your provider does not require one.

Quick reference

ProviderHeader NameAuth SchemeVersion HeaderVersion
Anthropicx-api-key(blank)anthropic-version2023-06-01
OpenAIAuthorizationBearer(blank)(blank)
Google Geminix-goog-api-key(blank)(blank)(blank)
xAI / GrokAuthorizationBearer(blank)(blank)
n8nX-N8N-API-KEY(blank)(blank)(blank)
CursorAuthorizationBearer(blank)(blank)
IBM WatsonAuthorizationBearer(blank)(blank)

Anthropic

Anthropic requires two things: the API key goes in a custom header (not Authorization), and a mandatory version declaration header must accompany every request.

Header Namex-api-key
Auth SchemeLeave blank
Version Headeranthropic-version
Version2023-06-01
Anthropic will reject any request that is missing the anthropic-version header, regardless of whether authentication succeeds. Both the Version Header and Version fields must be filled in.

Your API key starts with sk-ant-. Generate one at the Anthropic Console ↗. Full authentication reference: docs.anthropic.com/en/api/getting-started ↗

OpenAI

OpenAI uses the standard Authorization: Bearer pattern. No version header is required.

Header NameAuthorization
Auth SchemeBearer
Version HeaderLeave blank
VersionLeave blank

Your API key starts with sk-. Generate one at platform.openai.com/api-keys ↗. Authentication reference: platform.openai.com/docs/api-reference/authentication ↗

Google Gemini

Google Gemini uses a custom header x-goog-api-key with no auth scheme prefix. The key is sent as the raw value with no Bearer prefix.

Header Namex-goog-api-key
Auth SchemeLeave blank
Version HeaderLeave blank
VersionLeave blank
The Gemini API base URL is https://generativelanguage.googleapis.com/v1beta/models/<model>:generateContent. Set this as your agent's Endpoint URL.

Generate an API key at Google AI Studio ↗. Authentication reference: ai.google.dev/gemini-api/docs/api-key ↗

xAI / Grok

xAI uses the same standard Authorization: Bearer pattern as OpenAI. The Grok API is OpenAI-compatible, so models and request shapes follow the same format.

Header NameAuthorization
Auth SchemeBearer
Version HeaderLeave blank
VersionLeave blank
The xAI API base URL is https://api.x.ai/v1/chat/completions. Set this as your agent's Endpoint URL.

Generate an API key at console.x.ai ↗. API reference: docs.x.ai/docs/api-reference ↗

n8n

n8n uses a custom header X-N8N-API-KEY with no auth scheme. The key is sent as the raw value.

Header NameX-N8N-API-KEY
Auth SchemeLeave blank
Version HeaderLeave blank
VersionLeave blank

Generate an n8n API key in your n8n instance under Settings › n8n API. Authentication reference: docs.n8n.io/api/authentication ↗

Cursor

The Cursor Cloud Agents API uses the standard Authorization: Bearer pattern with a user API key or service account key.

Header NameAuthorization
Auth SchemeBearer
Version HeaderLeave blank
VersionLeave blank

API reference: cursor.com/docs/cloud-agent/api/endpoints ↗

IBM Watson

IBM Watson uses Authorization: Bearer with an IBM Cloud IAM bearer token — not a static API key. IAM tokens expire after 60 minutes and must be refreshed.

Header NameAuthorization
Auth SchemeBearer
Version HeaderLeave blank
VersionLeave blank
IBM Watson IAM tokens expire after 60 minutes. For long-running agents, configure an OAuth2 credential instead of a static API key so tokens are refreshed automatically. See OAuth2 credentials for setup instructions.

Generate an IAM API key at cloud.ibm.com/iam/apikeys ↗. Authentication reference: cloud.ibm.com/docs/watson?topic=watson-iam ↗

Next

For time-based credential restrictions, see Time-scoped credentials →