Docs

Open-source skills and resources for the okoro ecosystem.

Frequently asked questions

How does okoro work?

When an agent runs a skill, it sends your OKORO_SERVICE_TOKEN to the okoro tokenizer to request a short-lived operation token. The tokenizer checks that your service token has the required scope, then issues a JWT scoped to that single operation.

The agent uses the operation token to call the okoro proxy (e.g. okoro.ai/p/trello/...). The proxy validates the token, signs the request with the real service credentials (OAuth 1.0a for Trello, API keys for others), forwards it to the third-party API, and writes an audit entry.

Jan 1, 0001

Get your service token

What is a service token?

A service token (svc_...) is a long-lived credential you create once in the okoro dashboard. It tells the proxy which services your agent is allowed to access and at what permission level.

When a skill runs, it exchanges the service token for a short-lived operation token. The operation token is scoped to a single action, signed, and recorded in the audit log — your service token is never sent to any third-party API.