Broker Grants
View and manage secrets broker grants. The broker controls which agents can access which secret domains (API keys, credentials, tokens).
GET /api/v1/broker/grants
List all current grants.
Response 200 OK
[
{
"agent": "researcher",
"domain": "anthropic",
"status": "active",
"granted_at": "2026-03-17T08:00:00Z"
},
{
"agent": "researcher",
"domain": "github",
"status": "revoked",
"granted_at": "2026-03-17T08:00:00Z",
"revoked_at": "2026-03-17T09:30:00Z"
}
]
Grant fields
| Field | Type | Description |
|---|---|---|
agent | string | Agent name |
domain | string | Secret domain identifier |
status | string | active or revoked |
granted_at | string | ISO 8601 timestamp of grant creation |
revoked_at | string | ISO 8601 timestamp of revocation (if revoked) |
POST /api/v1/broker/grants/{agent}/{domain}/revoke
Revoke an active grant. The agent will lose access to the secret domain immediately.
Response 200 OK
{"agent": "researcher", "domain": "github", "status": "revoked"}
Returns 404 if no active grant exists for the agent/domain pair.
POST /api/v1/broker/grants/{agent}/{domain}/restore
Restore a previously revoked grant.
Response 200 OK
{"agent": "researcher", "domain": "github", "status": "active"}
Returns 404 if no revoked grant exists for the agent/domain pair.