Capability-Based Authorization for AI Agents
Identity tells you who is calling. Capability auth tells you what this agent can access, spend, delegate, and revoke before every API or MCP request.
Why identity auth is too blunt for agents
Traditional identity-based auth asks, “who is this?” That works for humans and stable apps, but autonomous agents need narrower authority. They need credentials that say which tool is allowed, what task it is for, how much it can spend, how long it lasts, and whether it can delegate.
SatGate puts that capability check in the request path. The result is not just authentication. It is economic access control: Observe the call, Control the authority and budget, and Charge or bill for usage when access has economic value.
Bad default vs better default
Broad API key
One shared secret, broad account access, weak delegation, painful rotation, and no native budget boundary.
Scoped capability
A constrained token for one agent, task, route, tool set, budget, expiry window, and delegation depth.
What a capability should carry
For agent systems, authorization has to include economic policy. A safe capability answers more than who. It answers what, where, how much, how long, and who can inherit less authority.
Scope
Limit which APIs, MCP tools, routes, methods, customers, and environments an agent can access.
Budget
Attach spend caps and per-tool prices so authorization includes economic policy, not just identity.
Delegate
Allow agents to pass down narrower authority to sub-agents without handing them a master key.
Expire and revoke
Keep authority short-lived and kill risky access before the next request reaches a model, API, or tool.
Capabilities vs API keys, OAuth, and macaroons
API keys
Useful for simple server-to-server access, but usually too broad for autonomous agents and weak at scoped delegation.
OAuth
Strong for user consent and identity delegation, but often too heavyweight and human-centered for short-lived agent tool authority.
Macaroons
A practical token format for attenuated capabilities because caveats can narrow scope, time, budget, route, and delegation.
Capability auth questions
What is capability-based authorization?
Capability-based authorization gives a caller a specific, constrained capability: what it can do, where it can do it, for how long, with what budget, and whether it can delegate narrower authority.
Why are capabilities useful for AI agents?
Agents act autonomously, call tools repeatedly, and delegate work. Capabilities limit blast radius by encoding scope, budget, expiry, revocation, and delegation into the authority the agent actually uses.
How are capabilities different from API keys?
API keys usually prove broad account ownership. Capabilities are narrower: they describe what this agent can access and spend right now, and they can be attenuated or revoked without rotating a shared secret.
Can capabilities include budget limits?
Yes. SatGate treats economic policy as part of authorization. A capability can carry or reference budget, per-tool pricing, route scope, tenant context, and delegation depth.
Are macaroons capability tokens?
Macaroons are a practical way to implement attenuated capability-style authority because caveats can constrain scope, time, budget, route, and delegation.
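The caveat chaining that the macaroon passages above describe, as an added example (not SatGate's code or token format): a minimal HMAC-chained token where any holder can append caveats but cannot remove them. The caveat syntax, field names, and sample values are assumptions for illustration; delegation depth and revocation are left out.

```python
import hashlib
import hmac

def _mac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def mint(root_key: bytes, token_id: str) -> dict:
    """Issuer side: only the gateway holds root_key."""
    return {"id": token_id, "caveats": [], "sig": _mac(root_key, token_id)}

def attenuate(token: dict, caveat: str) -> dict:
    """Holder side: append a caveat without the root key; sig' = HMAC(sig, caveat)."""
    return {"id": token["id"], "caveats": token["caveats"] + [caveat],
            "sig": _mac(token["sig"], caveat)}

def _holds(caveat: str, req: dict) -> bool:
    """Evaluate one caveat against the request; anything unrecognised fails closed."""
    try:
        key, op, value = caveat.split(" ", 2)
        if (key, op) == ("tool", "in"):
            return req["tool"] in value.split(",")
        if (key, op) == ("time", "<"):
            return req["now"] < int(value)
        if (key, op) == ("budget", "<="):
            # req["spent"] is assumed to be the gateway's metered spend for this token
            return req["spent"] + req["cost"] <= int(value)
    except (ValueError, KeyError):
        pass
    return False

def verify(root_key: bytes, token: dict, req: dict) -> bool:
    """Gateway side: recompute the HMAC chain, then require every caveat to hold."""
    sig = _mac(root_key, token["id"])
    for caveat in token["caveats"]:
        sig = _mac(sig, caveat)
    if not hmac.compare_digest(sig, token["sig"]):
        return False  # a caveat was removed, reordered or edited
    return all(_holds(c, req) for c in token["caveats"])

# Constructed sample values (assumptions, not SatGate identifiers or formats).
ROOT_KEY = b"constructed-demo-root-key"
PARENT = mint(ROOT_KEY, "agent-7")
for c in ("tool in search,fetch", "time < 1700000600", "budget <= 500"):
    PARENT = attenuate(PARENT, c)
# The agent delegates a narrower token to a sub-agent.
CHILD = attenuate(attenuate(PARENT, "tool in search"), "budget <= 100")
```

Appending `budget <= 9999` to CHILD does not widen it, because the earlier `budget <= 100` caveat still has to hold, and dropping a caveat invalidates the signature.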
Stop handing agents broad API keys.
Use capabilities that expire, attenuate, meter, delegate safely, and stop spend before the next request.