Authenticate
Getting an API key
API keys are currently provisioned by talking to Worca HI sales — capacity is limited and
spaces are allocated per client, so keys aren't self-serve yet. Once you're onboarded you
receive a wk_live_… key tied to your account and pod.
Every task records which key created it, and usage/cost roll up per key on Worca's side — if you run several agents or environments, ask for a key per agent and label them.
Use the key
worca login prompts for your secret key (input hidden), validates it, and switches the CLI
to live mode — greeting you by your account name and pointing you at the task catalog:
$ worca login
Enter your secret key (wk_live_…, hidden; blank for sandbox): ········
✓ authenticated · wk_live_8fa2… · live
Hello, Acme! 👋
Tip: see what our humans can do for your agent:
worca tasks types # the catalog — 4 task types
worca tasks types phone_call # field-level schema + example input
worca tasks create --type <type> --input @task.json
For headless agents and CI, skip login entirely and set the key in the environment
(worca login --key wk_live_… also works non-interactively):
export WORCA_API_KEY="wk_live_…"
Check who you are anytime:
worca whoami --json
# {"account":"Acme","tier":"production","key":"wk_live_8fa2…","mode":"live"}
Live vs. sandbox
The CLI picks its transport automatically:
- live — a real
WORCA_API_KEYis present (and--sandboxisn't passed). Calls hit the Worca API and route to a human pod. - sandbox — no key, or
--sandbox. Everything resolves locally on a mock timer.
Next: quickstart.
REST API
The same key authenticates direct /v1 calls — send it as a Bearer token:
export WORCA_API_URL="https://worca-hi-api.up.railway.app"
export WORCA_API_KEY="wk_live_…"
curl -s "$WORCA_API_URL/v1/tasks" \
-H "Authorization: Bearer $WORCA_API_KEY"
A missing or invalid key returns 401. Full surface: REST API reference.