A Sentinel Pass is an OAuth 2.0 credential set that gives an agent or integration a cryptographically verifiable identity. Instead of sharing long-lived secrets, each Sentinel Pass issues a clientId and clientSecret scoped to a specific project and agent. You can monitor usage, inspect permissions, rotate credentials, and revoke access — all from the TrayLinx dashboard.

What is a Sentinel Pass?

Sentinel Passes use an OAuth 2.0 agent-based protocol. When you create a Sentinel Pass, TrayLinx:
  1. Creates an agent user in the Users microservice with a unique client_id and an OAuth credential set.
  2. Creates a Sentinel Pass studio tool linked to that agent, storing metadata such as access level, permissions, and validity period.
  3. Returns the clientId and clientSecret once — you cannot retrieve the secret again after closing the creation dialog.
Each pass belongs to a project and is always privately_visible. Passes carry a credentialType (default: api_key) and optional scopes and permissions fields.
Copy your clientSecret immediately after creation. TrayLinx does not display it again.

Creating a Sentinel Pass

Open the Sentinel Pass creation flow from Studio Tools inside your project. Selecting Security & Identity as the asset type routes you to this guided flow.
1. Open the creation dialog

Navigate to your project and open the AI Studio tab. Click New Tool, select Security & Identity, then click Create Sentinel Pass on the marketing screen.
2. Configure the agent identity

Fill in the agent details:
  • Agent Name — letters, numbers, and spaces only (for example, My Security Agent). Required.
  • Agent Type — formatted automatically to lowercase with underscores (for example, sourcing_agent). Required.
  • Description — optional free-text description of the agent’s purpose.
You can click Use Defaults on the next step to skip manual security configuration and proceed with secure default settings.
3. Configure security settings

Customize the Sentinel Pass metadata:
| Field | Description | Default |
| --- | --- | --- |
| Pass ID | Human-readable identifier (for example, SP-2024-A1B2C3). Auto-generated if left empty. | Auto-generated |
| Access Level | basic, standard, premium, or enterprise | standard |
| Organization | Organization name for display (for example, Acme Corp) | |
| Usage Type | ai_assistant, automation_tool, integration_service, mcp_server, api_client, data_processor, monitoring_system, or other | automation_tool |
| Valid From | Start date for the pass | Today |
| Valid Until | Expiration date | One year from today |
| Permissions | Comma-separated permission string (for example, read,write) | read,write |
| Integration Notes | Free-text notes for documentation | |
4. Review and create

Review the agent name, type, access level, and organization. Click Create Agent & Pass to submit. TrayLinx creates the agent user and links the Sentinel Pass in a single operation.
5. Copy your credentials

After creation, TrayLinx displays your credentials once. Copy them immediately using one of the provided formats:
JSON format — paste into a secrets manager or configuration file:
{
  "clientId": "<your-client-id>",
  "clientSecret": "<your-client-secret>",
  "agentUserId": "<your-agent-user-id>",
  "apiBaseUrl": "https://api.makakoo.com/ma-authentication-ms/v1/api"
}
Bash export format — source directly in your shell or CI environment:
export TRAYLINX_CLIENT_ID="<your-client-id>"
export TRAYLINX_CLIENT_SECRET="<your-client-secret>"
export TRAYLINX_API_BASE_URL="https://api.makakoo.com/ma-authentication-ms/v1/api"
export TRAYLINX_AGENT_USER_ID="<your-agent-user-id>"
Click Complete to close the dialog. The Sentinel Pass now appears in your project’s Studio Tools list.

Overview dashboard

Click any Sentinel Pass in your project to open the detail view. The Overview tab shows a real-time snapshot of the pass:

Total requests

Total number of API requests made using this pass.

Success rate

Percentage of successful requests, shown with a green indicator.

Average latency

Average API response time in milliseconds.

Last used

Timestamp of the most recent API call.
The Pass Details section shows:
  • Pass ID — human-readable identifier (for example, SP-2024-A1B2C3)
  • Client ID — OAuth client identifier with a one-click copy button
  • Status — Active or Inactive
  • Created and Expires — creation and expiration dates
  • Agent Type — the type assigned during creation (for example, sourcing_agent)
  • Organization — the associated organization name
  • Usage Type — for example, Automated System or Manual User
  • Capabilities — list of enabled capabilities such as API Access, Data Read/Write, Contact Discovery

Permissions

Open the Permissions tab to inspect the pass’s access configuration:
  • Permissions breakdown — each permission from the comma-separated permissions metadata field is listed individually with a descriptive label (for example, read:data → Read Data, admin:users → Admin Users).
  • Access Level — standard, elevated, or custom, shown with a visual indicator.
  • Capabilities — full list of OAuth capabilities granted to the agent.
  • Validity period — the valid_from and valid_until dates.
    • A yellow warning appears if the pass expires within 30 days.
    • A red indicator appears if the pass has already expired.
Permission information is read-only. To modify permissions, delete the existing pass and create a new one with the required access level, or contact your administrator.

Usage analytics

The Usage tab provides charts, performance metrics, and activity logs.

Time range

Select the analysis window using the time range selector:
| Range | Data resolution |
| --- | --- |
| 24 hours | Hourly data points |
| 7 days | Daily data points |
| 30 days | Daily data points |

Request timeline chart

A line chart displays API usage over the selected period:
  • Blue line — total requests (total_requests)
  • Green line — success rate percentage (derived from success_count / total_requests)
Hover over any data point to see exact values including total_requests, success_count, error_count, and avg_latency_ms.

Performance metrics

| Metric | Field | Color coding |
| --- | --- | --- |
| Average latency | avg_latency_ms | Green < 200ms · Yellow 200–500ms · Red > 500ms |
| P95 latency | p95_latency_ms | |
| Unique endpoints | unique_endpoints | |
| Error rate | Derived from error_count | Warning shown if > 5% |

Activity logs

The activity log table shows individual API requests with the following columns:
| Column | Field |
| --- | --- |
| Timestamp | started_at |
| Endpoint | endpoint |
| HTTP method | http_method |
| Status | success (✓ / ✗) |
| Duration | duration_ms |
| IP address | client_ip |
Expand any row to see additional details: user_agent, status_code, error_message, and metadata.

Filtering

Refine the activity log using the filter controls:
  • Activity type — api_request, token_generation, or error
  • Status — Success or Failed
  • Endpoint — text search against endpoint
  • Date range — custom start_date and end_date (ISO format)
  • Clear filters — resets all active filters
Filter inputs are debounced at 500ms to avoid excessive API calls while you type.

Pagination

The activity log supports 10, 25, 50, or 100 rows per page. The default is 25 rows (per_page: 25). Navigate pages using the pagination controls below the table.

Exporting activity logs

Download activity logs for compliance, auditing, or external analysis:
  1. Click Export.
  2. Select a format:
    • JSON — structured data
    • CSV — spreadsheet-compatible
    • JSONL — JSON Lines (one object per line)
  3. The file downloads automatically.
Exported files are named sentinel-pass-activity-{passId}-{timestamp}.{format}.
Exports are limited to 10,000 records. If your date range produces more records than that, narrow the range and export in multiple batches.
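An exported JSONL file can be reviewed offline with a short script. The following is an added example, not TrayLinx code: it applies the dashboard's 5% error-rate warning and latency colour bands to an export and counts requests from unexpected client_ip values. It assumes the exported objects use the field names shown in the activity log table; the sample records, endpoint paths and the KNOWN_IPS allowlist are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample export, one JSON object per line. Field names follow the
# activity log columns on this page; the exported schema is an assumption.
SAMPLE_JSONL = """\
{"started_at": "2024-05-01T10:00:00Z", "endpoint": "/example/items", "http_method": "GET", "success": true, "status_code": 200, "duration_ms": 120, "client_ip": "203.0.113.10"}
{"started_at": "2024-05-01T10:01:00Z", "endpoint": "/example/items", "http_method": "GET", "success": true, "status_code": 200, "duration_ms": 180, "client_ip": "203.0.113.10"}
{"started_at": "2024-05-01T10:02:00Z", "endpoint": "/example/token", "http_method": "POST", "success": false, "status_code": 401, "duration_ms": 40, "client_ip": "198.51.100.7"}
{"started_at": "2024-05-01T10:02:05Z", "endpoint": "/example/token", "http_method": "POST", "success": false, "status_code": 401, "duration_ms": 35, "client_ip": "198.51.100.7"}
{"started_at": "2024-05-01T10:03:00Z", "endpoint": "/example/items", "http_method": "POST", "success": true, "status_code": 200, "duration_ms": 900, "client_ip": "203.0.113.10"}
"""

KNOWN_IPS = {"203.0.113.10"}  # hypothetical allowlist of expected caller IPs


def latency_band(avg_ms):
    """Colour bands from the Performance metrics table."""
    if avg_ms < 200:
        return "green"
    return "yellow" if avg_ms <= 500 else "red"


def analyze(jsonl_text, known_ips=KNOWN_IPS):
    """Summarise an exported activity log and flag what a reviewer should check."""
    rows = [json.loads(line) for line in jsonl_text.splitlines() if line.strip()]
    if not rows:  # empty export: nothing to score
        return {"total": 0, "error_warning": False, "unknown_ips": {}}
    failed = [r for r in rows if not r.get("success")]
    error_rate = len(failed) / len(rows)
    avg_ms = sum(r["duration_ms"] for r in rows) / len(rows)
    return {
        "total": len(rows),
        "error_rate": error_rate,
        "error_warning": error_rate > 0.05,  # same 5% threshold as the dashboard
        "latency_band": latency_band(avg_ms),
        # Requests from addresses outside the allowlist, counted per address.
        "unknown_ips": dict(Counter(
            r["client_ip"] for r in rows if r["client_ip"] not in known_ips)),
        # Failures per address: repeated failures from one address are worth
        # checking for a service still using a secret invalidated by rotation.
        "failed_by_ip": dict(Counter(r["client_ip"] for r in failed)),
    }


if __name__ == "__main__":
    print(json.dumps(analyze(SAMPLE_JSONL), indent=2))
```

Because exports are capped at 10,000 records, run the script once per batch and combine the counts when the date range spans several files.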

Real-time updates

Enable auto-refresh on the Usage tab to keep metrics current without manually reloading:
  • Refresh interval — every 30 seconds
  • Smart pausing — auto-refresh pauses automatically when the browser tab is inactive
  • Last updated — the timestamp of the most recent refresh is displayed
  • Manual refresh — click the refresh icon to trigger an immediate update
If a refresh fails, TrayLinx retries once after 5 seconds. After 3 consecutive failures, auto-refresh stops and an error notification is displayed. Re-enable it manually after resolving the issue.

Security features

Credential display

client_secret values are never stored or returned after initial creation. The Overview tab shows the client_id (with a copy button) but not the secret. If you need to re-issue credentials, use Regenerate Credentials.

Regenerating credentials

From the Overview tab, click Regenerate Credentials to rotate the clientSecret. The agent user is updated in the Users microservice, and a new credential set is displayed once. Update all services using the old secret before regenerating.
Regenerating credentials immediately invalidates the previous clientSecret. Any service still using the old secret will fail to authenticate.

Toggling pass status

Click Toggle Status on the Overview tab to activate or deactivate a pass without deleting it. Deactivated passes reject all authentication attempts but retain their configuration and usage history.

Revoking and deleting a Sentinel Pass

Revoking disables the pass and marks it as inactive. The pass record and all usage history are preserved. Deleting permanently removes the pass and its linked agent user. This action cannot be undone.
From the pass detail view, navigate to the Settings tab and click Revoke. The pass status changes to inactive immediately. To re-enable it later, click Activate.
From the pass detail view, navigate to the Settings tab and click Delete. Confirm the deletion in the confirmation dialog. Deletion is permanent — the agent user and all associated metadata are removed.

Authentication & Security

Learn how TrayLinx handles JWT tokens, sessions, and rate limiting.

Studio Tools

Create and manage assets, including the Sentinel Pass creation flow.

API Keys

Manage project API keys and LLM provider credentials.

Projects & Assets

Overview of projects, members, and project-level settings.
