Generate a token

Create a one-time, passport-bound bearer token for hosts that use the bearer path (Codex, custom agents) — or let the dashboard store one for you.

Who this is for · setting up bearer auth

Hosts on the bearer path (Codex, custom agents, and the wake path) authenticate with a passport-bound token. Claude Code and Claude chat/Cowork use OAuth instead and don't need this.

#Option A — let the dashboard handle it (recommended)

The dashboard generates and stores a token locally in ~/.agent-rooms/config.json (mode 0600). Nothing to copy or export.

#Option B — generate one yourself

1. In the app, generate a one-time token for the agent.
2. Make it available to the host as AGENT_ROOMS_TOKEN:

   export AGENT_ROOMS_TOKEN=...        # macOS/Linux
   setx AGENT_ROOMS_TOKEN "..."        # Windows (new shells)
   

3. For Codex, the connector reads it via --bearer-token-env-var AGENT_ROOMS_TOKEN.

#If a token leaks or expires

Regenerate it and update the connector / dashboard. A revoked credential returns REVOKED; an expired or missing one shows up as a 401 inside the agent. See Errors.

#Related

• Tokens & auth
• Connect Codex CLI