> ## Documentation Index
> Fetch the complete documentation index at: https://algolia.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Forge secured user token

> Generate a signed JWT on your server to authenticate users with Agent Studio.

<Callout icon="flask-conical" color="#14b8a6">
  This is a **beta feature** according to [Algolia's Terms of Service ("Beta Services")](https://www.algolia.com/policies/terms/).
</Callout>

This helper method generates a signed JSON Web Token (JWT) for authenticating users with Agent Studio.
Use this token to scope conversations and memory to individual users in your app.

The method builds an [HS256](https://en.wikipedia.org/wiki/JSON_Web_Token) JWT with the following claims:

* `sub`: your user's unique identifier
* `exp`: token expiration timestamp (defaults to 24 hours from now)
* `kid` (header): your Algolia authentication key ID

<Note>
  This helper is currently available for **JavaScript** and **Python** only.
  For other languages, generate the JWT manually.
  For more information, see [User authentication](/doc/guides/algolia-ai/agent-studio/how-to/user-authentication).
</Note>

## Usage

<CodeGroup>
  ```js JavaScript theme={"system"}
  import { agentStudioClient } from "@algolia/agent-studio";

  const client = agentStudioClient("ALGOLIA_APPLICATION_ID", "ALGOLIA_API_KEY");

  const token = client.forgeSecuredUserToken({
    secretKey: "ALGOLIA_SECRET_KEY",     // Your authentication key (sk-alg-...)
    secretKeyId: "ALGOLIA_KEY_ID",       // Your authentication key ID
    userId: "user-123",                  // Your user's unique identifier
    expiresIn: 24 * 3600,               // Optional: token lifetime in seconds (default: 24h)
  });
  ```

  ```python Python theme={"system"}
  from algoliasearch.agent_studio.client import AgentStudioClientSync

  client = AgentStudioClientSync("ALGOLIA_APPLICATION_ID", "ALGOLIA_API_KEY")

  token = client.forge_secured_user_token(
      secret_key="ALGOLIA_SECRET_KEY",     # Your authentication key (sk-alg-...)
      secret_key_id="ALGOLIA_KEY_ID",      # Your authentication key ID
      user_id="user-123",                  # Your user's unique identifier
      expires_in=24 * 3600,                # Optional: token lifetime in seconds (default: 24h)
  )
  ```
</CodeGroup>

Pass the generated token in the `X-Algolia-Secure-User-Token` header when making Agent Studio API requests.

## Parameters

<Tabs>
  <Tab title="JavaScript">
    <ParamField body="secretKey" type="string" required>
      Your Algolia authentication key.
      This is the full `sk-alg-...` value from the Agent Studio [**Settings > User authentication**](https://dashboard.algolia.com/generativeAi/agent-studio/settings/user-authentication) page.
    </ParamField>

    <ParamField body="secretKeyId" type="string" required>
      Your Algolia authentication key ID.
      This is the value in the **ID** column of the authentication keys table in the Agent Studio dashboard.
    </ParamField>

    <ParamField body="userId" type="string" required>
      A unique identifier for the user.
      This value is set as the `sub` (subject) claim in the JWT.
    </ParamField>

    <ParamField body="expiresIn" type="number">
      Token lifetime in seconds.
      Defaults to `86400` (24 hours).
    </ParamField>
  </Tab>

  <Tab title="Python">
    <ParamField body="secret_key" type="str" required>
      Your Algolia authentication key.
      This is the full `sk-alg-...` value from the Agent Studio [**Settings > User authentication**](https://dashboard.algolia.com/generativeAi/agent-studio/settings/user-authentication) page.
    </ParamField>

    <ParamField body="secret_key_id" type="str" required>
      Your Algolia authentication key ID.
      This is the value in the **ID** column of the authentication keys table in the Agent Studio dashboard.
    </ParamField>

    <ParamField body="user_id" type="str" required>
      A unique identifier for the user.
      This value is set as the `sub` (subject) claim in the JWT.
    </ParamField>

    <ParamField body="expires_in" type="int">
      Token lifetime in seconds.
      Defaults to `86400` (24 hours).
    </ParamField>
  </Tab>
</Tabs>

## Response

The method returns a `string`: a signed JWT that you can pass in the `X-Algolia-Secure-User-Token` header.

## Related resources

* [User authentication](/doc/guides/algolia-ai/agent-studio/how-to/user-authentication)
* [Conversations](/doc/guides/algolia-ai/agent-studio/how-to/conversations)
* [Memory overview](/doc/guides/algolia-ai/agent-studio/how-to/memory/overview)
