When building a web app on Managed Agents, the natural pattern is:
- Backend creates session (with API key, vault, agent)
- Backend returns a scoped token to the frontend
- Frontend streams events directly from Anthropic (no proxy needed)
Currently every request requires the full API key, forcing all traffic through a backend proxy — adding latency, infra cost, and complexity for what is essentially a passthrough.
A short-lived, session-scoped token (similar to S3 presigned URLs or Stripe ephemeral keys) would solve this cleanly.
-+-
When building a web app on Managed Agents, the natural pattern is:
Currently every request requires the full API key, forcing all traffic through a backend proxy — adding latency, infra cost, and complexity for what is essentially a passthrough.
A short-lived, session-scoped token (similar to S3 presigned URLs or Stripe ephemeral keys) would solve this cleanly.
-+-