home / skills / openclaw / skills / remix-api-key-auth

remix-api-key-auth skill

safe

This skill helps you securely configure and verify bearer API key authentication for Remix server APIs in publishing workflows.

npx playbooks add skill openclaw/skills --skill remix-api-key-auth

Review the files below or copy the command above to add this skill to your agents.

Files (2)

SKILL.md

1.1 KB

---
name: remix-api-key-auth
description: Configure and verify bearer API key authentication for Remix agent publishing workflows.
metadata:
  tags: remix, auth, api-key
---

# Remix API Key Setup

Use this skill when a user needs to authenticate an external service/agent for Remix server APIs.

## Steps

1. Log in to your Remix account.
2. Go to `https://remix.gg/api-keys`.
3. Create a new API key.
4. Store it as a secret in your service runtime.
5. Send:
   - `Authorization: Bearer <api_key>`
6. Use base URL `https://api.remix.gg`.

## Verification

Run a cheap authenticated call first (for example, `POST /v1/agents/games` in a test project) to verify the key works.

## Troubleshooting Invalid API Key

- Check `Authorization` is formatted as `Bearer <api_key>`.
- Re-copy the key from `https://remix.gg/api-keys` and rotate if needed.
- Verify your service is reading the expected secret/env var in the current runtime.
- Confirm the request is server-side and not exposed through browser code.
- If behavior seems inconsistent with local docs, use `https://api.remix.gg/docs` as source of truth.

Overview

This skill helps you configure and verify bearer API key authentication for Remix agent publishing workflows. It guides creating a key in the Remix dashboard, storing it securely in your runtime, and validating the key with a lightweight authenticated request. The goal is fast, repeatable setup and reliable troubleshooting for server-side agent calls.

How this skill works

The skill walks you through generating an API key at https://remix.gg/api-keys and storing it as a secret or environment variable in your service runtime. It ensures requests include the Authorization: Bearer <api_key> header and uses the base URL https://api.remix.gg for API calls. Verification is done by making a cheap authenticated request (for example, POST /v1/agents/games in a test project) to confirm the key and runtime configuration.

When to use it

When publishing or managing Remix agents from a server-side service.
When you need to authenticate a CI/CD pipeline or backend that calls Remix APIs.
When rotating or replacing existing API keys to maintain security.
When troubleshooting 401/invalid-key errors for Remix API requests.

Best practices

Always store the API key as a secret or environment variable in the service runtime, never hard-code it.
Format the request header exactly as Authorization: Bearer <api_key> and verify there are no extra spaces or characters.
Verify keys with a low-cost authenticated call in a test project before running production workflows.
Keep API calls server-side to avoid exposing the key in browser code or client bundles.
Use the public API docs at https://api.remix.gg/docs as the source of truth for endpoints and behavior.

Example use cases

Configure a CI job that publishes a Remix agent after successful tests using the stored API key.
Rotate an existing API key and verify the new key with a test POST to /v1/agents/games.
Set up a backend service that creates and manages agents via the Remix API using bearer auth.
Diagnose and fix 401 responses by validating header formatting and runtime secret access.

FAQ

How do I verify the key works without affecting production data?

Make a cheap authenticated call in a test project, such as POST /v1/agents/games, to confirm authentication before running production workflows.

What should I check first if I get an invalid API key error?

Confirm the header is Authorization: Bearer <api_key>, re-copy the key from https://remix.gg/api-keys if needed, and ensure your runtime is reading the correct secret/env var.