# ReClaw Auth for Agents

ReClaw accepts browser sessions for human dashboard use and scoped API keys for CLI or agent use.

## API key headers

```http
Authorization: Bearer rcl_...
```

or:

```http
x-api-key: rcl_...
```

## Scopes

- `backups:read`: read account state and backup records.
- `backups:write`: bootstrap accounts, create uploads, finalize backups, rotate wrapping material, and delete backups.
- `backups:restore`: download encrypted backup content.

Agents must not print API keys or backup passphrases. ReClaw cannot recover lost backup passphrases.