Skip to main content
Beta Feature - Agent Accounts is currently in beta and requires access approval.
Agent Accounts in Runlayer represent AI applications or services that interact with MCP servers on behalf of users or autonomously. They are the primary way to programmatically connect your AI applications to the Runlayer platform.

What is an Agent Account?

An Agent Account is a registered client application that can:
  • Authenticate programmatically using OAuth 2.0 client credentials
  • Call MCP tools through the Runlayer proxy
  • Act on behalf of users when delegated permissions
  • Operate autonomously with its own policies
Each agent account receives a unique Client ID and Client Secret upon creation, which are used to authenticate API requests.

Token Types

Agent accounts can obtain two types of access tokens depending on their use case:

M2M Token (Machine-to-Machine)

Use M2M tokens when your agent account operates autonomously without a specific user context.
  • Agent account operates independently
  • Only agent account-level policies are enforced
  • Ideal for background jobs, scheduled tasks, or autonomous AI agents

OBO Token (On-Behalf-Of)

Use OBO tokens when your agent account acts on behalf of a specific user.
  • Agent account operates in the context of a delegating user
  • Intersection of agent account and user policies are enforced
  • Requires an active delegation from the user to the agent account
  • Ideal for user-facing AI assistants or copilots

Authentication

Agent accounts authenticate using the OAuth 2.0 Client Credentials flow. The token endpoint returns a JWT that you include in the Authorization header of all API requests.

Getting an M2M Token

# Get M2M token (agent-only, no user context)

TOKEN_RESPONSE=$(curl -s -X POST 'https://your-runlayer-instance.com/api/v1/oauth/token' \
  -H "Content-Type: application/x-www-form-urlencoded" \
  --data-urlencode "grant_type=client_credentials" \
  --data-urlencode "client_id=your-client-id" \
  --data-urlencode "client_secret=your-client-secret")

ACCESS_TOKEN=$(echo "$TOKEN_RESPONSE" | jq -r '.access_token')

echo "M2M Token: ${ACCESS_TOKEN:0:50}..."
# Token valid for 1 hour

Getting an OBO Token

To get an OBO token, you need either:
  1. A user UUID from an active delegation (simplified flow)
  2. A WorkOS user access token (RFC 8693 compliant)
# Get OBO token (agent acting on behalf of a user)

# Option 1: Simplified with user UUID (recommended if you have delegation)
USER_ID="user-uuid-from-delegation"

TOKEN_RESPONSE=$(curl -s -X POST 'https://your-runlayer-instance.com/api/v1/oauth/token' \
  -H "Content-Type: application/x-www-form-urlencoded" \
  --data-urlencode "grant_type=client_credentials" \
  --data-urlencode "client_id=your-client-id" \
  --data-urlencode "client_secret=your-client-secret" \
  --data-urlencode "actor_token=$USER_ID" \
  --data-urlencode "actor_token_type=urn:runlayer:token-type:user-id")

# Option 2: With WorkOS user access token (RFC 8693 compliant)
# USER_ACCESS_TOKEN="user-workos-access-token"
# TOKEN_RESPONSE=$(curl -s -X POST 'https://your-runlayer-instance.com/api/v1/oauth/token' \
#   -H "Content-Type: application/x-www-form-urlencoded" \
#   --data-urlencode "grant_type=client_credentials" \
#   --data-urlencode "client_id=your-client-id" \
#   --data-urlencode "client_secret=your-client-secret" \
#   --data-urlencode "actor_token=$USER_ACCESS_TOKEN" \
#   --data-urlencode "actor_token_type=urn:ietf:params:oauth:token-type:access_token")

OBO_TOKEN=$(echo "$TOKEN_RESPONSE" | jq -r '.access_token')

echo "OBO Token: ${OBO_TOKEN:0:50}..."
# Agent now acts with intersection of agent + user policies

Calling MCP Tools

Once authenticated, you can call MCP tools through the Runlayer proxy using your access token. 
# Call MCP tool through the Runlayer proxy
# Use $ACCESS_TOKEN (M2M) or $OBO_TOKEN

curl -X POST "https://your-runlayer-instance.com/api/v1/proxy/servers/your-server-id/tools" \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "tool_name": "get_context",
    "arguments": {
      "query": "project structure"
    }
  }'

Delegations

Delegations allow users to grant agent accounts permission to act on their behalf. When a user creates a delegation to an agent account, the agent account can request OBO tokens for that user.

Key Concepts

  • Delegator: The user granting permission
  • Delegatee: The agent account receiving permission
  • Server Sessions: Which MCP servers the agent account can access on behalf of the user
  • Expiration: Delegations can have optional expiration times
  • Revocation: Users can revoke delegations at any time

Delegation Flow

  1. User navigates to the agent account in the Runlayer UI
  2. User creates a delegation, selecting which server sessions to include
  3. Agent account requests an OBO token using the user’s ID
  4. Agent account calls MCP tools with the user’s permissions applied

Server Session Configuration

Each delegation includes per-server session configuration that determines how the agent account authenticates to MCP servers on behalf of the user. Two Authentication Modes:
ModeDescriptionWhen to Use
User’s OAuth SessionAgent account uses the delegating user’s existing OAuth credentialsMCP servers requiring OAuth authentication
No AuthenticationAgent account accesses server without credentialsMCP servers that don’t require authentication
How it works:
  1. When creating a delegation, you configure each MCP server the agent account can access
  2. For OAuth-enabled servers, select the user’s existing OAuth session
  3. For servers without authentication requirements, mark as “No auth required”
  4. At runtime, Runlayer resolves the appropriate credentials based on this configuration
If a user’s OAuth session expires, the agent account will receive an authentication error until the user re-authorizes the server.

Policies

Both agent accounts and users can have policies that control what actions they can perform. When an agent account uses an OBO token, the effective permissions are the intersection of:
  • The agent account’s policies
  • The user’s policies
  • Any server-level policies
This ensures that an agent account acting on behalf of a user can never exceed either party’s permissions.

Best Practices

Store your agent account’s client secret securely (e.g., environment variables, secrets manager). Never commit it to version control or expose it in client-side code.
If your agent account is acting on behalf of a specific user, always use OBO tokens rather than M2M tokens. This ensures proper audit trails and policy enforcement.
Access tokens are valid for 1 hour. Implement token refresh logic in your application to request new tokens before expiration.
Configure your agent account’s policies to only allow the minimum permissions required for its function. Avoid granting broad access.

Managing Agent Accounts

Agent accounts are managed through the Admin section of the Runlayer UI:
  1. Navigate to Admin → Agent Accounts
  2. Create new agent accounts with the Add Agent Account button
  3. Configure agent account settings, policies, and delegations
  4. View agent account activity in the audit logs
Only administrators can create and manage agent accounts. Users can view agent accounts and create delegations to agent accounts they have access to.

Credential Rotation

Agent account credentials should be rotated periodically or after security events to maintain security.

When to Rotate

  • Scheduled rotation: Rotate credentials every 90 days as a best practice
  • Security incident: Immediately rotate if credentials may have been exposed
  • Personnel changes: Rotate when team members with access leave the organization
  • Suspicious activity: Rotate if you detect unusual API usage patterns

How to Rotate

  1. Navigate to Admin → Agent Accounts
  2. Select the agent account to rotate
  3. Click Rotate Credentials
  4. Confirm the rotation
  5. Save the new client secret immediately (shown only once)
  6. Update your application with the new credentials

Impact of Rotation

When you rotate credentials:
  • Old credentials are immediately invalidated - Existing tokens stop working
  • Active sessions are terminated - The agent account must re-authenticate
  • Delegations remain intact - No need to recreate delegations
  • Policies are unchanged - Access rules continue to apply
Plan for brief downtime when rotating credentials. Update your application with the new secret before the old one is invalidated, or coordinate the rotation during a maintenance window.

Error Handling

When authenticating or making API calls, you may encounter these common errors:

Authentication Errors

Error CodeErrorCauseRemediation
400unsupported_grant_typeWrong grant type usedUse client_credentials for agent account tokens
401invalid_clientInvalid client ID or secretVerify credentials are correct and not rotated
401invalid_grantInvalid or expired tokenRe-authenticate to get a new token
403invalid_grantUser deactivatedContact admin to reactivate user account
403invalid_grantNo valid delegationCreate a delegation in the Runlayer UI

OBO Token Exchange Errors

Error CodeErrorCauseRemediation
400invalid_requestInvalid actor_token formatUse valid user UUID or WorkOS token
403invalid_grantDelegation expired or revokedCreate a new delegation
403invalid_grantAgent account disabledContact admin to re-enable agent account

Proxy Call Errors

Error CodeErrorCauseRemediation
400MISSING_SERVER_AUTH_CONFIGServer not configured in delegationAdd server to delegation with session config
401OAuth session not foundUser’s OAuth session missingUser needs to authorize the MCP server
401OAuth session expiredUser’s OAuth session expiredUser needs to re-authorize the MCP server
403Policy deniedPBAC policy blocked the requestReview agent account and user policies

Example Error Response

{
  "error": "invalid_grant",
  "error_description": "No valid delegation found for agent account 'My Agent' and user '[email protected]'",
}
Check the error_description field for specific guidance on how to resolve the error. Most errors include remediation hints.