Should every agent share one key?
No. Separate keys make usage attribution, revocation, and incident response cleaner.
Agent-native market data
Market data key management for AI agents
Use product-level Cornerstones keys for agents and keep private upstream credentials in server-side runtime config. That makes revocation, usage tracking, and plan enforcement visible.
Question
How should teams manage market-data access keys when coding and trading agents run repeatedly?
When this problem happens
- One copied key can spread across agent prompts, shell history, repos, and CI logs.
- Teams need monthly usage and remaining quota, not only a boolean that a key works.
- Public client examples must not teach users to expose private infrastructure secrets.
Recommended architecture
Separate upstream secrets from agent credentials; agents receive revocable product access while the runtime keeps private integrations locked down.
Implementation steps
- Issue a separate Cornerstones key for each automation lane or account boundary.
- Store the key through standard local secret handling, never in prompt text or checked-in docs.
- Verify usage and quota through the dashboard before scaling repeat runs.
- Rotate or revoke product keys without touching private upstream credentials.
Example workflow
export CORNERSTONES_API_KEY='ck_...'
cornerstones-client auth login --api-key "$CORNERSTONES_API_KEY"
cornerstones-client verifyComparison table
| Option | Best for | Tradeoff |
|---|---|---|
| Cornerstones | Agent-native market context | Requires adopting a product-level access model |
| Raw private integration | Human-operated internal systems | Can expose credentials, adapters, and unstable implementation details to agents |
| Static prompt paste | One-off prototypes | No freshness, usage accounting, entitlement boundary, or repeatable evidence trail |
FAQ
Where should usage be checked?
Use dashboard usage and quota surfaces rather than relying on local scripts alone.
Can a key grant premium routes?
Only if the account plan permits those routes. Free, Pro, and Max boundaries remain explicit.
What happens if a key leaks?
Revoke or rotate the Cornerstones key, then inspect usage. Private upstream credentials stay protected.