Replace hundreds of lines of auth glue code with 3 lines. Encrypted credentials, automatic token refresh, and rate limitingβ so your agents stay focused on what they do best.
pip install clavis
Every AI agent project starts the same way: 30 minutes of writing auth code that should already exist.
API keys hardcoded in .env files, environment variables duplicated across services, secrets leaking into logs. One compromise and everything is exposed.
OAuth tokens expire at 3 AM, your agent crashes, you wake up to failed jobs. Writing refresh logic correctlyβwith retries and race conditions handledβis tedious work.
One API has 10 req/sec, another has 60 RPM. When you have 5 agent instances sharing credentials, you're constantly debugging 429s and writing custom backoff logic.
Who authenticated when? Which agent hit the rate limit? Which token was used for that API call? Without an audit log, debugging is guesswork.
Kalshi uses session tokens. Coinbase requires HMAC signing. OpenAI just needs an API key. Every new service is another week of reading docs and writing connectors.
Auth code isn't your product. It's infrastructure that steals hours from every new agent project. You deserve to ship the thing that matters, not the plumbing.
Clavis handles everything. Store your credentials once, get valid tokens everywhere, automatically.
# β Before Clavis β 100+ lines of glue code import os, time, threading import requests from cryptography.fernet import Fernet # Roll your own encryption key = Fernet(os.environ["SECRET_KEY"]) encrypted_creds = key.encrypt( os.environ["OPENAI_KEY"].encode() ) # Home-grown token cache (not thread-safe) _token_cache = {} _cache_lock = threading.Lock() def get_token(service): with _cache_lock: cached = _token_cache.get(service) if cached and cached["expires"] > time.time(): return cached["token"] return _refresh_token(service) def _refresh_token(service): # Different flow for every service if service == "openai": # API key never expires β but what if it's rotated? token = key.decrypt(encrypted_creds).decode() elif service == "kalshi": resp = requests.post( "https://trading-api.kalshi.com/trade-api/v2/login", json={"email": os.environ["KALSHI_EMAIL"], "password": os.environ["KALSHI_PASS"]} ) resp.raise_for_status() token = resp.json()["token"] # Store with expiry ... manually with _cache_lock: _token_cache[service] = { "token": token, "expires": time.time() + 86400 } return token # Retry logic (you'll write this wrong the first time) def call_with_retry(service, url, **kwargs): for attempt in range(3): try: token = get_token(service) headers = {"Authorization": f"Bearer {token}"} resp = requests.request(headers=headers, **kwargs) if resp.status_code == 429: time.sleep(2 ** attempt) # backoff continue return resp except Exception as e: if attempt == 2: raise # rate limit tracking per service? # audit log? multi-agent dedup? good luck.
# β After Clavis β just 3 lines from clavis import ClavisClient client = ClavisClient(api_key="your-clavis-key") # Get a valid token for any service. # Clavis handles encryption, refresh, # caching, retries, and audit logging. token = await client.get_token("my-openai") # Or proxy the whole request. # Auth injected, rate limits tracked. response = await client.proxy( "my-openai", "POST", "/v1/chat/completions", body={ "model": "gpt-4o", "messages": messages, } )
Create your free Clavis account and get your developer API key.
POST your service API keys. They're encrypted and never stored in plaintext.
get_token()Every agent call is one line. We handle the restβforever.
Production-grade infrastructure, so you can focus on the logic that makes your agents valuable.
All credentials encrypted with Fernet symmetric encryption. Decrypted only in memory at token-refresh time. Your keys never appear in logs or the database.
Tokens are refreshed proactively β 5 minutes before expiry. Background tasks keep every token fresh. Three retries with exponential backoff before alerting.
Sliding window algorithm tracks requests per service across all your agents. When you're within 10% of the limit, warning headers fire before you hit a 429.
When rate limits are reached, requests queue automatically and resume when the window resets β no failed agent runs, no manual retry logic needed.
Every authentication event, token refresh, and proxy request is logged with timestamps and developer IDs. Debug production failures without guessing.
Built-in connectors for OpenAI, Kalshi, and Coinbase. Generic API key and OAuth2 connectors for everything else. Each connector knows its own rate limits.
No credit card required to get started. Upgrade when your agents go to production.
Perfect for prototyping and side projects.
For agents running in production.
For teams running fleets of agents at scale.
One API key. Every service. Handled.
pip install clavis