Skip to main content

Authentication

PLai Framework uses multiple authentication methods depending on the context. This guide covers all authentication scenarios you’ll encounter.

Dashboard Authentication

User Registration & Login

1

Create Account

Visit the PLai Framework dashboard and click β€œRegister”
2

Email Verification

Check your email and click the verification link
3

Organization Setup

Create your first organization or accept an invitation
4

Project Access

Create a project or get invited to existing projects

Session Management

PLai Framework uses secure session cookies for dashboard authentication:
  • Session Duration: Sessions last 30 days by default
  • Auto-Renewal: Sessions renew automatically with activity
  • Secure Cookies: All cookies are httpOnly and secure

API Authentication

JWT Tokens

API access uses JWT (JSON Web Tokens) for authentication:

Token Types

User JWT

Authenticates user actions and personal resources

Project JWT

Provides access to project-specific resources

Obtaining Tokens

Dashboard Method:
API Method:

Organization & Project Access

Role-Based Access Control (RBAC)

PLai Framework implements fine-grained RBAC:
  • Owner: Full organization control
  • Admin: Manage users and projects
  • Member: Access assigned projects
  • Viewer: No access
  • Owner: Full project control
  • Admin: Manage project resources
  • Member: Use agents, datasources and tools as project member
  • Viewer: Read-only access

Permission Matrix

ActionViewerMemberAdminOwner
View Agentsβœ…βœ…βœ…βœ…
Chat with Agentsβœ…βœ…βœ…βœ…
Create AgentsβŒβœ…βœ…βœ…
Manage Tools & DatasourcesβŒβœ…βœ…βœ…
View AnalyticsβŒβœ…βœ…βœ…
Manage BatchesβŒβœ…βœ…βœ…
Billing AccessβŒβŒβŒβœ…

API Security

Rate Limiting

We’re working on it.

Request Headers

Always include these headers in API requests:

Environment-Specific Configuration

Development Environment

Production Environment

Error Handling

Common Authentication Errors

Error Response Handling

Security Best Practices

Never expose JWT tokens in client-side code or logs. Always use secure storage methods.
Rotate tokens regularly and implement proper token refresh mechanisms for long-running applications.

Token Storage

  • Use httpOnly cookies for automatic inclusion
  • Store in secure sessionStorage for manual handling
  • Never use localStorage for sensitive tokens

Next Steps

Quick Start

Set up your first authenticated project

API Reference

Explore API endpoints and examples