Skip to main content
Backed by Combinator

Let agents work.
Stay in control.

Alter Vault manages OAuth tokens and API keys, enforces fine-grained policies, and audits every action — so your AI agents can securely access any API.

Early Access Docs
gnt_7x92k
Incoming Request
A
sales-agent
agent: ai_agent
GET api.github.com/user/repos
Policy Evaluation
Identity verified
Scope check: repo:read
Rate limit: 847 / 1,000
Token refreshed (3m ago)
Authorization Result
APPROVED
Injected Headers
Authorization: Bearer ghp_••••••••k4m2
X-Alter-Grant: gnt_7x92k
Audit Log
action: token.proxy
agent: sales-agent
target: github.com
status: 200 OK
latency: 142ms
SOC 2 Compliant
100+ Integrations
Zero-Trust Architecture
How it works

The authorization layer between agents and APIs

Users authorize via the Connect widget. Agents request access through the SDK. Every token is encrypted, every call is policy-checked, every action is logged.

LegitimateAgent reads calendar with authorized scope
scheduling-agentGETgoogleapis.com/calendar/v3/events
EVALUATING…
END USERS
Authorize via Connect
OAuth consent
YOUR INTEGRATIONS
MCP ServersAI AgentsChatbotsApps
SDK request
Alter Vault
Connect
Vault
Policy
Audit
Token + API call
EXTERNAL SERVICES
GoogleGoogle
SlackSlack
GitHubGitHub
SalesforceSalesforce
NotionNotion
LinearLinear
OAuth + API keys
Event log
1User authorized Google Calendar via Connect widget
2Scheduling agent requests calendar access via SDK
3Identity verified · Policy: scope=calendar.readonly · APPROVED
4Token decrypted · GET googleapis.com/calendar/v3 · 200 OK
5Logged: scheduling-agent → calendar.readonly → APPROVED
See it in action

Your agent asks. Alter decides.

Every API call flows through the authorization engine — real-time policy evaluation, identity resolution, and audit logging.

AI Agent
Agent

Fix the rate limit bug in production. Check Datadog for the errors and push the fix to GitHub.

S

On it. I'll need access to three services:

FIX-847 sarah@acme.org 2m ago
Running
Alter Vault
ALTER VAULT
Request
datadog:logs:read
"Fetch error logs from Datadog"
Identity
Organization
Acme Corp
Organization
End User
sarah@acme.org
Okta SSO
Agent
claude-code
AI Agent
Task
fix rate limit bug
Runtime
PolicyWhen fixing bugs: allow logs:read
Access Granted
Scope
datadog/logs — logs:read
Context
Sarah → Claude → FIX-847
Expires
task completion
Inside the vault

From identity to audit trail

When a request arrives, the vault resolves identity, enforces policy, retrieves credentials, and logs every decision.

Every request, fully attributed

Before anything happens, the vault resolves the full chain — organization, app, user, and actor. Every API call is traceable back to a real human, even when an AI agent makes it.

Complete chain of custody for every API call.

Organization, app, end user, and agent identified on every request
Know which agent is acting on behalf of which end user
Register each agent once — track individual runs automatically
Full delegation chain — trace any action back to its source
Identity Resolution
Organization
Acme Corp
Workspace with 12 developers
App
Acme Scheduler
3 providers configured
End User
sarah@acme.dev
Linked via identity provider
Agent
scheduling-bot
AI Agent · LangChain framework
TRACEDAcme Corp → Acme Scheduler → sarah@ → scheduling-bot · 1.8ms
Tools & interfaces

Built for developers and end users

An embeddable OAuth widget, dual SDKs, a developer dashboard, and a portal where end users manage their own connections.

Agents call APIs through the vault

When an AI agent needs to call an external API, it sends the request through Alter Vault — specifying the connection and the scope it needs.

Python & TypeScript parity — zero token exposure.

One line of code — specify the connection and scope
Python and TypeScript SDKs with identical interfaces
SDK handles signing automatically
Read the SDK docs
vault.request()
from alter_sdk import AlterVault, ActorType, HttpMethod
 
vault = AlterVault(
    api_key="alter_key_...",
    actor_type=ActorType.AI_AGENT,
    actor_identifier="my-agent",
)
 
# Make API request — token injected automatically
response = await vault.request(
    "gnt_7x92k",
    HttpMethod.GET,
    "https://api.github.com/user/repos",
    query_params={"sort": "updated", "per_page": "5"},
)
 
repos = response.json()
Integrations

100+ integrations

Connect to every major SaaS platform. New providers added weekly.

Google Google
Zoom Zoom
Slack Slack
GitHub GitHub
Salesforce Salesforce
HubSpot HubSpot
Linear Linear
Notion Notion
Dropbox Dropbox
Discord Discord
Stripe Stripe
Figma Figma
Asana Asana
Airtable Airtable
Atlassian Atlassian
Sentry Sentry
Jira Jira
GitLab GitLab
Spotify Spotify
PayPal PayPal
Zendesk Zendesk
Miro Miro
Canva Canva
Reddit Reddit
X X
Instagram Instagram
Pinterest Pinterest
Mailchimp Mailchimp
QuickBooks QuickBooks
Square Square
Shopify Shopify
ClickUp ClickUp

Ready to secure your agents?

Start free with 50 connections and 10K API calls. No credit card required.

Early Access Read the Docs