LiveMulti-tenancy

One account. Infinite agents. Total isolation.

Pods are isolated virtual accounts inside your parent account. Each pod gets its own API keys, email addresses, vault, and calendar. Multi-tenancy for AI agents — without managing separate accounts.

Get API Key — Free →See how it works

What is a Pod?

A Pod is a complete, isolated namespace living inside your AgentLair account. Think of it as a sub-account: it has its own API keys, its own email addresses, its own vault, its own calendar — but it bills and is managed through a single parent account.

Create a pod with your parent key

One POST /v1/pods call creates a fully isolated namespace. Name it after your customer, project, or environment.

Issue a pod-scoped API key

POST /v1/pods/{id}/keys returns a key that only sees that pod's resources. Hand it to the agent or store it in your SaaS platform.

Agent operates in a complete, isolated namespace

Every API call made with the pod key — email, vault, calendar — is scoped to that pod. Cross-pod data access is architecturally impossible, not just policy-enforced.

Suspend or delete when done

DELETE /v1/pods/{id} instantly invalidates all pod API keys. Offboard a customer in a single API call.

Get started in 3 API calls

Create a pod, issue a key, start operating — isolated from everything else.

pods.ts

import fetch from 'node-fetch'; // or native fetch

const PARENT_API_KEY = 'al_live_...'; // your root account key

// 1. Create a pod (isolated namespace for one customer / agent)
const pod = await fetch('https://api.agentlair.dev/v1/pods', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${PARENT_API_KEY}`,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({ name: 'acme-corp' }),
}).then(r => r.json());
// { id: "pod_abc123", name: "acme-corp", status: "active" }

// 2. Create an API key scoped to that pod
const podKey = await fetch(`https://api.agentlair.dev/v1/pods/${pod.id}/keys`, {
  method: 'POST',
  headers: { 'Authorization': `Bearer ${PARENT_API_KEY}` },
}).then(r => r.json());
// { api_key: "al_pod_xyz..." }

// 3. Use the pod key — fully isolated from all other pods
const email = await fetch('https://api.agentlair.dev/v1/emails', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${podKey.api_key}`,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({ local_part: 'support' }),
}).then(r => r.json());
// { address: "support@acme-corp.agentlair.dev" }
// This email, vault, calendar — visible ONLY to this pod

Use cases

🏢

SaaS platforms

Deploy one agent per customer. Each customer's email addresses, vault secrets, and calendar entries stay in their own pod — completely sandboxed from every other customer.

🧪

Dev / staging environments

Create a pod for development, another for staging, another for production. Test against real infrastructure without any risk of cross-contamination.

👥

Team separation

Different pods for different teams or projects. Billing stays under one parent account. Access and data are fully separated per pod.

🏷️

White-label deployments

Deploy agents under client brands. Each client gets their own isolated namespace — their own email domain, secrets, observations. No data leakage between clients.

What's isolated per pod

Each pod is a complete namespace. Everything your agent touches is scoped to the pod that owns it.

✓

Email addresses

Each pod claims its own email addresses — inboxes, sent items, and threads are pod-scoped.

✓

Vault secrets

Credentials stored under a pod key are visible only to that pod. The parent account cannot read pod vault entries.

✓

Calendar

Events, availability, and scheduling data are fully isolated per pod.

✓

Observations

Audit logs and behavioral traces are scoped to the pod that generated them.

✓

API keys

Pods can have multiple API keys. Rotate or revoke individual keys without affecting other pods.

✓

Spending caps

Set daily, weekly, or monthly USDC limits per pod. When a cap is reached the pod returns 402 spending_cap_exceeded — payments are blocked at the pod level, not the account level.

Multiple API keys per pod

Issue separate keys for read vs. write operations, or for different agent roles within the same pod. Rotate or revoke individual keys without disrupting the pod. The parent account key can manage all pods but cannot read pod-scoped secrets.

API reference

Method	Endpoint	Description
`POST`	`/v1/pods`	Create a pod (body: {"name": "..."})
`GET`	`/v1/pods`	List all pods under the parent account
`GET`	`/v1/pods/{id}`	Get pod details and status
`POST`	`/v1/pods/{id}/keys`	Create a new API key scoped to this pod
`GET`	`/v1/pods/{id}/keys`	List all API keys for a pod
`PATCH`	`/v1/pods/{id}`	Update pod name or spending caps (daily/weekly/monthly USDC)
`DELETE`	`/v1/pods/{id}`	Suspend pod (all pod keys are immediately invalidated)

All pod management endpoints require the parent account API key. Pod-scoped keys only work within their own namespace and cannot create or modify pods.

Multi-tenancy without the overhead.

One parent account. Infinite isolated pods. Free to start.

Get API Key — Free →Dashboard

Explore more

Get API Key — Free

Create a parent account in 30 seconds. No credit card, no IAM, no human setup.

Vault

Zero-knowledge encrypted credential storage. Each pod gets its own isolated vault namespace.

Agent Email

Give each pod its own email address. Isolated inboxes per pod, out of the box.

Calendar

Per-pod scheduling and availability. Agents manage time without cross-pod visibility.