Authentication
Before Amara can answer a single prompt, syntic needs valid credentials for the Syntic model. How those credentials arrive is one of the most important decisions in an organizational rollout, because it determines who can use the tool, how usage is attributed, and how quickly you can cut off access when someone leaves. Syntic Code supports several authentication methods so you can match your existing identity practices.
Available methods
The simplest method is an API key issued from your Syntic AI account and supplied through the SYNTIC_API_KEY environment variable. Keys are easy to script and ideal for automation, but they are long-lived secrets that must be rotated and protected. For interactive use, developers can instead sign in through a browser-based flow that exchanges an organization login for a short-lived token, which avoids storing a static secret on the machine. Larger organizations typically front all of this with an LLM gateway, so syntic authenticates only to the gateway and never holds the real upstream key.
Choosing a method for your team
For individuals and small teams, a per-developer key or interactive sign-in is usually enough. As you grow, prefer methods that tie access to your identity provider so that offboarding a person automatically revokes their model access. Automation and CI should use dedicated service credentials, scoped narrowly and separate from human accounts, so that a leaked pipeline secret cannot impersonate a developer.
Managing credentials safely
Never commit keys to source control or bake them into container images that get shared. Distribute them through your secret manager or device management profile, and set them as environment variables at runtime rather than writing them to disk. Rotate keys on a schedule and immediately after any suspected exposure. When you use server-managed settings, you can pin the base URL and force a particular authentication path so developers cannot accidentally point the CLI at the wrong endpoint or fall back to an unmanaged key.