Documentation Index
Fetch the complete documentation index at: https://docs.layer3x.com/llms.txt
Use this file to discover all available pages before exploring further.
Getting started
Authentication
API Key Authentication
Every agent registered in Layer3x has a unique API key. Include it in every request as a header:
X-Agent-API-Key: agk_your_key_here
API keys are:
- Generated once at agent creation
- Shown only once — store them immediately
- Rotatable at any time from the Agents page
- Scoped to a single agent and tenant — keys cannot access other agents
HMAC Request Signing (optional)
For higher security requirements, Layer3x supports HMAC-SHA256 request signing per agent — the same pattern used by Stripe and Plaid for webhook verification.
When HMAC signing is enabled for an agent, every request must include a signature header:
X-Layer3-Signature: sha256=<hex_signature>
The signature is computed as:
const signature = crypto
.createHmac('sha256', YOUR_HMAC_SECRET)
.update(JSON.stringify(requestBody))
.digest('hex')
HMAC signing is opt-in per agent. Agents without an HMAC secret configured authenticate with their API key only.
Key Rotation
Rotate your agent’s API key from the Agents page:
- Go to Agents → click ··· on the agent row
- Click Rotate API Key
- Copy the new key immediately — the old key is invalidated
After rotation, update any systems using the old key before the rotation is complete.