latchkey

What is Latchkey?

Latchkey is a command-line tool that injects credentials into curl commands for HTTP APIs. Instead of manually adding authorization headers or other authentication parameters to every request, you store credentials for supported services and let Latchkey add the appropriate curl arguments automatically.

It’s primarily designed for AI agents that need to make API calls using standard curl syntax. Agents can use already-stored user credentials or trigger an interactive browser login to collect credentials for the user.

Key Features

• Credential injection for curl requests: latchkey curl <arguments> passes your request arguments through to curl while automatically inserting stored credentials (for example, removing the need to include an Authorization header yourself).
• Built-in support for known public APIs via services list: lists third-party services supported out-of-the-box (example services mentioned include Slack, Google Workspace, Linear, and GitHub).
• Manual credential storage with auth set: store credentials as arbitrary curl arguments for a named service, e.g., adding an Authorization: Bearer ... header once so it can be reused in future requests.
• Browser-based credential capture with auth browser: opens a login pop-up window, extracts API credentials from the browser session, stores them for reuse, and can prompt users for credentials (not all services support this option).
• Agent-friendly workflow without intermediary services: the project positions Latchkey as direct credential injection rather than an OAuth-style intermediary or an MCP-style integration layer; when browser auth is used, requests are made directly on the user’s behalf.

How to Use Latchkey

1. Install Latchkey: npm install -g latchkey (per the repository’s installation instructions).
2. Set up credentials for a service:
   • Browser flow (requires a graphical environment): latchkey auth browser slack.
   • Manual flow: latchkey auth set slack -H "Authorization: Bearer xoxb-your-token".
3. Make API calls with standard curl syntax:
   • Example: latchkey curl -X POST 'https://slack.com/api/conversations.create' -H 'Content-Type: application/json' -d '{"name":"something-urgent"}'.

Use Cases

• AI agent calling APIs with user-owned credentials: an agent can run latchkey curl ... for supported services so authentication details are handled by Latchkey rather than embedded in the agent prompt or code.
• Interactive credential prompting for a user: when using latchkey auth browser <service>, the agent can trigger a browser login flow that collects credentials from the user session and stores them for later calls.
• Repeatable local API testing: set credentials once with auth set and reuse them for multiple curl requests without repeatedly copying authorization headers.
• Extending support for a new service at runtime (in simple cases): use the documented approach mentioned in the overview (“services register”) to add basic support for a new service when full built-in support isn’t present.
• Integration into an agent skill workflow: the repository references using Latchkey as a “skill” for agent frameworks (example commands shown include using skills tooling and installing from ClawHub).

FAQ

• Does Latchkey change how I write my HTTP requests? No. You still write typical curl commands; Latchkey injects the stored credentials automatically when you run latchkey curl <arguments>.

• How are credentials stored and reused? Credentials are stored per service using either latchkey auth set (manual) or latchkey auth browser (browser capture). Future latchkey curl calls reuse the stored credentials.

• Is the browser authentication option always available? No. The documentation states that only some services support the auth browser feature.

• What are the risks of giving agents access to credentials? The project warns that allowing AI agents to access API credentials can be dangerous, especially when using auth browser, because agents may perform most actions the user can.

• What prerequisites do I need for installation and browser auth? The repo states that curl, Node.js, and npm must be present in reasonably recent versions. For auth browser, you need a graphical environment; there is also an ensure-browser command that discovers Chrome/Chromium/Edge or downloads Chromium via Playwright if none is found.

Alternatives

• Direct API authentication with OAuth or per-request tokens: you can manually implement OAuth flows or inject tokens into each request. This differs from Latchkey by requiring an auth implementation or repeated credential handling rather than central credential injection into curl.
• MCP-style integration layers / agent tool servers: these introduce an intermediary between the agent and the target service. The Latchkey project positions itself as not introducing an intermediary in the typical workflow.
• Generic credential managers or secret stores used directly by scripts: you can store tokens in a secret manager and have scripts retrieve them. This typically means the logic for injecting auth headers remains your responsibility rather than a latchkey curl command.
• Other CLI-based API wrapper tools: alternatives may provide purpose-built commands for specific services, but they may not use the same pass-through curl workflow or support broad curl-style request patterns.