Ilya Korovin in #general: "Hi, is the A2A API supposed to work right now, specifically with API keys managed on the Settings page? API keys in Settings are handled via ApiKeyMod..." | Archestra Community

Messages in #general

Ilya Korovin — April 23, 2026

Hi, is the A2A API supposed to work right now, specifically with API keys managed on the Settings page? API keys in Settings are handled via `ApiKeyModel`, and it looks like that model is not used anywhere. For the A2A API, I only see `UserTokenModel` and `TeamTokenModel`.

14 replies

Ilya Korovin — April 23, 2026

I made it work somehow via agent with organization access and team token. But API Keys tab in Settings still seems useless.

joey (archestra team) — April 23, 2026

hi there 👋 API keys are to consume the API archestra.ai/docs/platform-api-reference

Ilya Korovin — April 23, 2026

Hi @user, yes, I’m referring to this page: `/settings/api-keys`. On this page, API keys are stored in `ApiKeyModel`, but `ApiKeyModel` is not used by the A2A API (`routes/a2a.ts`) and apparently is not used anywhere else either. `resolveArchestraToken(...)` uses only `UserTokenModel` and `TeamTokenModel` . `validateMCPGatewayToken(...)` uses ``resolveArchestraToken(...)`` for such tokens (prefix = arch_) `routes/a2a.ts` uses `validateMCPGatewayToken(...)` for auth

joey (archestra team) — April 23, 2026

API keys are used to consume the API

joey (archestra team) — April 23, 2026

archestra.ai/docs/platform-api-reference

Ilya Korovin — April 23, 2026

I'm talking about the same...

Ilya Korovin — April 23, 2026

It says: > Once you've created an API key, copy the key (it will only be shown once), and include the key in your requests using the `Authorization` header in the endpoints shown below. When I create it, it's stored in `apikey` table (ApiKeyModel) . That model is not used in API auth. `Authorization` header token is checked only via `UserTokenModel` and `TeamTokenModel` in `resolveArchestraToken(...)`

Ilya Korovin — April 23, 2026

Team tokens work fine because they are stored in `TeamTokenModel`. I don't understand how my token could be stored in `UserTokenModel`, but intuitively it seems like this should be done via the `/settings/api-keys` page.

joey (archestra team) — April 23, 2026

github.com/archestra-ai/archestra/blob/main/platform/backend/src/auth/fastify-plugin/middleware.ts#L176-L178

joey (archestra team) — April 23, 2026

regarding A2A - yes it only supports these personal/team/org-scoped static bearer tokens

joey (archestra team) — April 23, 2026

the API keys you are referring to though are used to auth for the _REST API_

Ilya Korovin — April 23, 2026

Oh okay, then. Yes, I tested only A2A. Thanks

Ilya Korovin — April 23, 2026

However these A2A endpoints are on top of this docs page

joey (archestra team) — April 23, 2026

you can view/rotate your personal token on `/settings/account` - it's true that the auth section of the agents documentation is rather outdated, will get that updated :thumbsup_all:

development

general

social

#general

Apr 22April 23, 2026

Yesterday

Palak Bakshi4:53 AMOpen in Slack

Hi Team, I am Palak

I am interested in contributing to Archestra, but I found that commenting on issues is currently blocked. Could anyone please guide on how can we claim an issue? Should I work on reproducing and provide a video of working fix first?

Ps: I’m about to graduate and have prior experience through internship at MNC as well as open source contributions. I’d also like to know if I’m eligible to participate in the interviews.

🙌1:archestra-love:1🚀2

1 reply

Phil Filippak7:03 AMOpen in Slack

Hi everyone! I'm Phil, have been working in software engineering for 15 years, will try and contribute to Archestra in the next few days, then we'll see how it works out

❤️1🙌1🔥1👋1

Ilya Korovin10:09 AMOpen in Slack

Hi, is the A2A API supposed to work right now, specifically with API keys managed on the Settings page? API keys in Settings are handled via ApiKeyModel, and it looks like that model is not used anywhere. For the A2A API, I only see UserTokenModel and TeamTokenModel.

14 replies

Alexander Balashov11:42 AMOpen in Slack

Hey all,

I’ve been poking at upgrading the repo from TypeScript 5.9 to 6.0, and it looks like a pretty smooth change.

I only ran into two things:

• a tsconfig deprecation warning, already addressed in this PR

• a small TS bug that the stricter compiler checks caught, already fixed in my TS 6 PR

So it feels like we're in a good spot to move to 6.0 without much churn. It also seems like a good prep step for eventually switching to the faster TypeScript 7 toolchain.

TypeScript 6 PR is here https://github.com/archestra-ai/archestra/pull/4035

😮1

10 replies

Archestra App5:02 PMOpen in Slack

New release! 🚀🚀🚀

1.2.23 (2026-04-23)

Features

*a2a:* accept arbitrary JSON payloads in addition to JSON-RPC envelope (#4037) (6d15f0c)
add onboarding wizard (#4013) (12f8a5a)
add Outline knowledge connector (#3938) (0bd17f3)
interweave persisted chat errors (#4002) (e5e3fec)

Bug Fixes

include scheduled- prefixed session IDs in sessionId search (#4040) (a1822eb)
scroll to bottom when user sends a message (#4005) (2ac31a6)
Slack setup slash command slugs (#4014) (0570258)
treat UUID search input as sessionId filter on sessions list (#4029) (e580151)

Documentation

fix stale mcpServer:admin reference in access-control docs (#3994) (a1fc7bf)
update agent docs (#4038) (315ffeb)

Miscellaneous Chores

clear agent identity provider config (#4020) (0bb5954)
knowledge base - make advanced-access control an enterprise feature (#3783) (10b4ff0)
remove deprecated downlevelIteration from tsconfig (#4027) (77bae6a)
upgrade TypeScript 5.9 -> 6.x (#4035) (2b7737e)

Tigran Kostandyan5:06 PMOpen in Slack

While working on error processing in web chat I noticed we started showing duplicate error cards – it wasn't like this a few days ago. Traced it to the AI SDK invoking onError twice after we added persistence inside that callback. Proposed fix here: https://github.com/archestra-ai/archestra/pull/4047

Join Slack to see the image

👀1

3 replies

Kyle Skutt6:45 PMOpen in Slack

Hi Kyle looking to be more involved with open source. Experience in building LLM, environments and various programs. I noticed most of the new bounties appear to be for in house members. If there is anything i can jump on let me know!

2 replies

Read-only live mirror of Archestra.AI Slack

👋Join the discussion withAI enthusiasts!

Thread

Ilya Korovin10:09 AMOpen in Slack

14 replies

Ilya Korovin10:33 AMOpen in Slack

I made it work somehow via agent with organization access and team token. But API Keys tab in Settings still seems useless.

joey (archestra team)12:21 PMOpen in Slack

hi there 👋 API keys are to consume the API https://archestra.ai/docs/platform-api-reference

Ilya Korovin12:29 PMOpen in Slack

Hi @user, yes, I’m referring to this page: /settings/api-keys.

On this page, API keys are stored in ApiKeyModel, but ApiKeyModel is not used by the A2A API (routes/a2a.ts) and apparently is not used anywhere else either.

resolveArchestraToken(...) uses only UserTokenModel and TeamTokenModel .

validateMCPGatewayToken(...) uses `resolveArchestraToken(...)` for such tokens (prefix = arch_)

routes/a2a.ts uses validateMCPGatewayToken(...) for auth

joey (archestra team)12:29 PMOpen in Slack

API keys are used to consume the API

👀1

joey (archestra team)12:31 PMOpen in Slack

https://archestra.ai/docs/platform-api-reference

Join Slack to see the image

Ilya Korovin12:31 PMOpen in Slack

I'm talking about the same...

Ilya Korovin12:37 PMOpen in Slack

It says:

Once you've created an API key, copy the key (it will only be shown once), and include the key in your requests using the Authorization header in the endpoints shown below.

When I create it, it's stored in apikey table (ApiKeyModel) . That model is not used in API auth. Authorization header token is checked only via UserTokenModel and TeamTokenModel in resolveArchestraToken(...)

Ilya Korovin12:42 PMOpen in Slack

Team tokens work fine because they are stored in TeamTokenModel.

I don't understand how my token could be stored in UserTokenModel, but intuitively it seems like this should be done via the /settings/api-keys page.

joey (archestra team)12:49 PMOpen in Slack

https://github.com/archestra-ai/archestra/blob/main/platform/backend/src/auth/fastify-plugin/middleware.ts#L176-L178

Join Slack to see the image

🤯1

joey (archestra team)12:50 PMOpen in Slack

regarding A2A - yes it only supports these personal/team/org-scoped static bearer tokens

joey (archestra team)12:50 PMOpen in Slack

the API keys you are referring to though are used to auth for the REST API

Ilya Korovin12:51 PMOpen in Slack

Oh okay, then. Yes, I tested only A2A. Thanks

🙏1

Ilya Korovin12:52 PMOpen in Slack

However these A2A endpoints are on top of this docs page

joey (archestra team)12:52 PMOpen in Slack

you can view/rotate your personal token on /settings/account - it's true that the auth section of the agents documentation is rather outdated, will get that updated :thumbsup_all:

👍1