Agent Management
Time-scoped credentials
Time-scoped credentials restrict when your agent's endpoint credentials are available for use. Outside the defined time window, the proxy rejects forwarded calls — adding an extra layer of security for sensitive endpoints.
Two modes
Time-scoped access supports two modes, each suited to different operational patterns:
Business hours
Credentials are available during specific hours on selected days of the week. Configure which days (Monday through Friday checkboxes), a start hour, and an end hour. The proxy checks the current time in your configured timezone before every call.
Scheduled only
Credentials are available only near a recent schedule trigger. The live configuration stores a window in seconds, and the proxy checks whether one of this agent's schedules fired recently enough to unlock the credential. Outside that window, the call is rejected before credential injection.
Business hours configuration
Select the time scope mode
In the Credential Security section, choose Business Hours from the mode selector.
Choose active days
Check the days of the week when credentials should be active. Each day (Monday through Sunday) has its own checkbox. Typical business hours use Monday through Friday.
Set start and end hours
Select the start hour and end hour using the hour pickers. Hours are in 24-hour format. For example, 09:00 to 17:00 covers a standard business day.
Set the timezone
Select the timezone that the hours are evaluated in. All time checks use this timezone — not UTC. Choose the timezone where your operations team works.
What happens outside the window
When a proxy call arrives outside the configured time window, the proxy rejects the request before it reaches your external endpoint. The caller receives an error response indicating that the agent's credentials are not available at the current time. The request is never forwarded.
Timezone handling
The timezone you configure determines when the window opens and closes. If you select "America/New_York" with hours 09:00 to 17:00, credentials are active from 9 AM to 5 PM Eastern regardless of where the caller is located. Daylight saving time adjustments are handled automatically.
Configuration walkthrough
The Credential Security section appears on the Settings tab below the Endpoint Credentials fields. Select a mode to reveal its configuration options. Changes take effect immediately after saving — no restart or re-registration is required.
Next
For endpoints that support OAuth2, see OAuth2 credentials →