Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.alterauth.com/llms.txt

Use this file to discover all available pages before exploring further.

By the end of this quickstart, an app key will be minted, Slack will be connected, and a message will be posted from application code — with no token ever touching that code. Total time: about 10 minutes.
This quickstart uses Slack as the target API. Any of the 65+ OAuth providers in the provider catalog follows the same flow — only the API call at the end changes.
1

Sign up

Create a free account at portal.alterauth.com.
2

Create an app

In the portal sidebar, choose Apps → New App. Name it quickstart and click Create.An app is the unit that owns API keys, provider configuration, and grants. See Apps & Organizations for the full model.
3

Mint an API key

Open the new app, go to API Keys → Mint key, copy the value, and export it:
export ALTER_API_KEY="alter_key_app_..."
The plaintext is shown once. If lost, mint a new key and revoke the old one.
4

Install the SDK

pip install alter-sdk
Python 3.10+. Node 20+.
5

Connect Slack

Run the snippet below once. It opens a browser, walks through the Slack OAuth flow, and prints the grant_id used in the next step.
import asyncio, os
from alter_sdk import App

async def main():
    app = App(api_key=os.environ["ALTER_API_KEY"])
    results = await app.connect(providers=["slack"])
    print("grant_id:", results[0].grant_id)
    await app.close()

asyncio.run(main())
Export the printed grant ID:
export SLACK_GRANT_ID="<the printed grant id>"
6

Post a Slack message

Replace #general with an accessible channel.
import asyncio, os
from alter_sdk import App, HttpMethod

async def main():
    app = App(api_key=os.environ["ALTER_API_KEY"])
    response = await app.request(
        HttpMethod.POST,
        "https://slack.com/api/chat.postMessage",
        grant_id=os.environ["SLACK_GRANT_ID"],
        json={"channel": "#general", "text": "Hello from Alter."},
    )
    print(response.status_code, response.json())
    await app.close()

asyncio.run(main())
Check Slack. The message is there.
7

See the audit row

Open Audit Logs in the portal. Every Alter call shows the caller, the principal, the provider, the response status, and the latency.

What just happened

app.request() resolved the Slack grant, fetched a fresh token from the vault, injected it into the outgoing Slack call, and wrote the audit row. No token was ever stored, refreshed, or seen by application code.

What’s next

How Alter works

The mental model behind the call sequence above.

Call APIs on behalf of users

Drop the grant_id and resolve users from JWTs in production.

Give an agent scoped access

Per-agent identity for AI workloads.