Documentation Index¶

Fetch the complete documentation index at: https://makakoo-traylinx-35.mintlify.app/llms.txt Use this file to discover all available pages before exploring further.

Sentinel Pass¶

Manage OAuth credentials and monitor API access with TrayLinx Sentinel Pass.

A Sentinel Pass is an OAuth 2.0 credential set that gives an agent or integration a cryptographically-verifiable identity. Instead of sharing long-lived secrets, each Sentinel Pass issues a clientId and clientSecret scoped to a specific project and agent. You can monitor usage, inspect permissions, rotate credentials, and revoke access — all from the TrayLinx dashboard.

What is a Sentinel Pass?¶

Sentinel Passes use an OAuth 2.0 agent-based protocol. When you create a Sentinel Pass, TrayLinx:

Creates an agent user in the Users microservice with a unique client_id and an OAuth credential set.
Creates a Sentinel Pass studio tool linked to that agent, storing metadata such as access level, permissions, and validity period.
Returns the clientId and clientSecret once — you cannot retrieve the secret again after closing the creation dialog.

Each pass belongs to a project and is always privately_visible. Passes carry a credentialType (default: api_key) and optional scopes and permissions fields.

Copy your clientSecret immediately after creation. TrayLinx does not display it again.

Creating a Sentinel Pass¶

Open the Sentinel Pass creation flow from Studio Tools inside your project. Selecting Security & Identity as the asset type routes you to this guided flow.

Navigate to your project and open the AI Studio tab. Click New Tool, select Security & Identity, then click Create Sentinel Pass on the marketing screen.

Fill in the agent details:

* **Agent Name** — letters, numbers, and spaces only (for example, `My Security Agent`). Required.
* **Agent Type** — formatted automatically to lowercase with underscores (for example, `sourcing_agent`). Required.
* **Description** — optional free-text description of the agent's purpose.

You can click **Use Defaults** on the next step to skip manual security configuration and proceed with secure default settings.

Customize the Sentinel Pass metadata:

| Field                 | Description                                                                                                                             | Default             |
| --------------------- | --------------------------------------------------------------------------------------------------------------------------------------- | ------------------- |
| **Pass ID**           | Human-readable identifier (for example, `SP-2024-A1B2C3`). Auto-generated if left empty.                                                | Auto-generated      |
| **Access Level**      | `basic`, `standard`, `premium`, or `enterprise`                                                                                         | `standard`          |
| **Organization**      | Organization name for display (for example, `Acme Corp`)                                                                                | —                   |
| **Usage Type**        | `ai_assistant`, `automation_tool`, `integration_service`, `mcp_server`, `api_client`, `data_processor`, `monitoring_system`, or `other` | `automation_tool`   |
| **Valid From**        | Start date for the pass                                                                                                                 | Today               |
| **Valid Until**       | Expiration date                                                                                                                         | One year from today |
| **Permissions**       | Comma-separated permission string (for example, `read,write`)                                                                           | `read,write`        |
| **Integration Notes** | Free-text notes for documentation                                                                                                       | —                   |

Review the agent name, type, access level, and organization. Click Create Agent & Pass to submit. TrayLinx creates the agent user and links the Sentinel Pass in a single operation.

After creation, TrayLinx displays your credentials once. Copy them immediately using one of the provided formats:

**JSON format** — paste into a secrets manager or configuration file:

```json  theme={null}
{
  "clientId": "<your-client-id>",
  "clientSecret": "<your-client-secret>",
  "agentUserId": "<your-agent-user-id>",
  "apiBaseUrl": "https://api.traylinx.com/ma-authentication-ms/v1/api"
}
```

**Bash export format** — source directly in your shell or CI environment:

```bash  theme={null}
export TRAYLINX_CLIENT_ID="<your-client-id>"
export TRAYLINX_CLIENT_SECRET="<your-client-secret>"
export TRAYLINX_API_BASE_URL="https://api.traylinx.com/ma-authentication-ms/v1/api"
export TRAYLINX_AGENT_USER_ID="<your-agent-user-id>"
```

Click **Complete** to close the dialog. The Sentinel Pass now appears in your project's Studio Tools list.

Overview dashboard¶

Click any Sentinel Pass in your project to open the detail view. The Overview tab shows a real-time snapshot of the pass:

Total number of API requests made using this pass.

Percentage of successful requests, shown with a green indicator.

Average API response time in milliseconds.

Timestamp of the most recent API call.

The Pass Details section shows:

Pass ID — human-readable identifier (for example, SP-2024-A1B2C3)
Client ID — OAuth client identifier with a one-click copy button
Status — Active or Inactive
Created and Expires — creation and expiration dates
Agent Type — the type assigned during creation (for example, sourcing_agent)
Organization — the associated organization name
Usage Type — for example, Automated System or Manual User
Capabilities — list of enabled capabilities such as API Access, Data Read/Write, Contact Discovery

Permissions¶

Open the Permissions tab to inspect the pass's access configuration:

Permissions breakdown — each permission from the comma-separated permissions metadata field is listed individually with a descriptive label (for example, read:data → Read Data, admin:users → Admin Users).
Access Level — standard, elevated, or custom, shown with a visual indicator.
Capabilities — full list of OAuth capabilities granted to the agent.
Validity period — the valid_from and valid_until dates.
A yellow warning appears if the pass expires within 30 days.
A red indicator appears if the pass has already expired.

Permission information is read-only. To modify permissions, delete the existing pass and create a new one with the required access level, or contact your administrator.

Usage analytics¶

The Usage tab provides charts, performance metrics, and activity logs.

Time range¶

Select the analysis window using the time range selector:

Range	Data resolution
24 hours	Hourly data points
7 days	Daily data points
30 days	Daily data points

Request timeline chart¶

A line chart displays API usage over the selected period:

Blue line — total requests (total_requests)
Green line — success rate percentage (derived from success_count / total_requests)

Hover over any data point to see exact values including total_requests, success_count, error_count, and avg_latency_ms.

Performance metrics¶

Metric	Field	Color coding
Average latency	`avg_latency_ms`	Green \< 200ms · Yellow 200–500ms · Red > 500ms
P95 latency	`p95_latency_ms`	—
Unique endpoints	`unique_endpoints`	—
Error rate	Derived from `error_count`	Warning shown if > 5%

Activity logs¶

The activity log table shows individual API requests with the following columns:

Column	Field
Timestamp	`started_at`
Endpoint	`endpoint`
HTTP method	`http_method`
Status	`success` (✓ / ✗)
Duration	`duration_ms`
IP address	`client_ip`

Expand any row to see additional details: user_agent, status_code, error_message, and metadata.

Filtering¶

Refine the activity log using the filter controls:

Activity type — api_request, token_generation, or error
Status — Success or Failed
Endpoint — text search against endpoint
Date range — custom start_date and end_date (ISO format)
Clear filters — resets all active filters

Filter inputs are debounced at 500ms to avoid excessive API calls while you type.

Pagination¶

The activity log supports 10, 25, 50, or 100 rows per page. The default is 25 rows (per_page: 25). Navigate pages using the pagination controls below the table.

Exporting activity logs¶

Download activity logs for compliance, auditing, or external analysis:

Click Export.
Select a format:
JSON — structured data
CSV — spreadsheet-compatible
JSONL — JSON Lines (one object per line)
The file downloads automatically.

Exported files are named sentinel-pass-activity-{passId}-{timestamp}.{format}.

Exports are limited to 10,000 records. If your date range produces more records than that, narrow the range and export in multiple batches.

Real-time updates¶

Enable auto-refresh on the Usage tab to keep metrics current without manually reloading:

Refresh interval — every 30 seconds
Smart pausing — auto-refresh pauses automatically when the browser tab is inactive
Last updated — the timestamp of the most recent refresh is displayed
Manual refresh — click the refresh icon to trigger an immediate update

If a refresh fails, TrayLinx retries once after 5 seconds. After 3 consecutive failures, auto-refresh stops and an error notification is displayed. Re-enable it manually after resolving the issue.

Security features¶

Credential display¶

client_secret values are never stored or returned after initial creation. The Overview tab shows the client_id (with a copy button) but not the secret. If you need to re-issue credentials, use Regenerate Credentials.

Regenerating credentials¶

From the Overview tab, click Regenerate Credentials to rotate the clientSecret. The agent user is updated in the Users microservice, and a new credential set is displayed once. Update all services using the old secret before regenerating.

Regenerating credentials immediately invalidates the previous clientSecret. Any service still using the old secret will fail to authenticate.

Toggling pass status¶

Click Toggle Status on the Overview tab to activate or deactivate a pass without deleting it. Deactivated passes reject all authentication attempts but retain their configuration and usage history.

Revoking and deleting a Sentinel Pass¶

Revoking disables the pass and marks it as inactive. The pass record and all usage history are preserved.

Deleting permanently removes the pass and its linked agent user. This action cannot be undone.

From the pass detail view, navigate to the Settings tab and click Revoke. The pass status changes to inactive immediately. To re-enable it later, click Activate.

From the pass detail view, navigate to the Settings tab and click Delete. Confirm the deletion in the confirmation dialog. Deletion is permanent — the agent user and all associated metadata are removed.

Learn how TrayLinx handles JWT tokens, sessions, and rate limiting.

Create and manage assets, including the Sentinel Pass creation flow.

Manage project API keys and LLM provider credentials.

Overview of projects, members, and project-level settings.

Built with Mintlify.

Documentation Index¶