> ## Documentation Index
> Fetch the complete documentation index at: https://conto.finance/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Admin SDK

> Manage Conto agents, wallets, policies, and SDK keys with organization API keys.

# Admin SDK

Use `ContoAdmin` for organization-level automation: provisioning agents, attaching wallets, assigning
policies, and creating agent SDK keys. Use the regular `Conto` client for agent runtime payment
calls.

| Client       | Credential                        | Use for                                         |
| ------------ | --------------------------------- | ----------------------------------------------- |
| `ContoAdmin` | Organization API key, `conto_...` | Agents, wallets, policies, SDK key lifecycle    |
| `Conto`      | Agent SDK key, `conto_agent_...`  | Payment requests, execution, agent-scoped reads |

## Initialize

```typescript theme={null}
import { ContoAdmin } from '@conto_finance/sdk';

const admin = new ContoAdmin({
  orgApiKey: process.env.CONTO_ORG_API_KEY!,
});
```

Create organization API keys from **Settings > API Keys**. Store them in a secret manager and use
the smallest scope preset that can perform the job.

## Provision an agent

This is the common backend setup flow:

```typescript theme={null}
import { ContoAdmin } from '@conto_finance/sdk';

const admin = new ContoAdmin({
  orgApiKey: process.env.CONTO_ORG_API_KEY!,
});

const { members } = await admin.team.listMembers();
const owner = members.find((member) => member.user?.email === 'ops@example.com');

const wallet = await admin.wallets.create({
  name: 'ops-wallet',
  chainType: 'EVM',
  custodyType: 'PRIVY',
});
await admin.wallets.provision(wallet.id);

const policy = await admin.policies.create({
  name: 'Daily $500 limit',
  policyType: 'SPEND_LIMIT',
  rules: [{ ruleType: 'DAILY_LIMIT', operator: 'LTE', value: '500' }],
});

const agent = await admin.agents.create({
  name: 'ops-agent',
  agentType: 'CUSTOM',
  ownerMembershipId: owner?.id,
});

await admin.agents.linkWallet(agent.id, {
  walletId: wallet.id,
  delegationType: 'LIMITED',
  spendLimitPerTx: 100,
  spendLimitDaily: 500,
});

await admin.agents.assignPolicy(agent.id, policy.id);

const { key } = await admin.agents.createSdkKey(agent.id, {
  name: 'Production',
  keyType: 'standard',
  expiresInDays: 90,
});
```

The returned SDK key is shown once. Pass it to the agent runtime as `CONTO_API_KEY`.

## Method map

| Area               | Methods                                                                                  |
| ------------------ | ---------------------------------------------------------------------------------------- |
| Agents             | `agents.list`, `agents.create`, `agents.get`, `agents.update`, `agents.delete`           |
| Agent state        | `agents.freeze`, `agents.unfreeze`                                                       |
| Agent links        | `agents.linkWallet`, `agents.listWallets`, `agents.assignPolicy`, `agents.listPolicies`  |
| SDK keys           | `agents.createSdkKey`, `agents.listSdkKeys`, `agents.revokeSdkKey`                       |
| Team               | `team.listMembers`                                                                       |
| Wallets            | `wallets.list`, `wallets.create`, `wallets.get`, `wallets.update`, `wallets.delete`      |
| Wallet chain state | `wallets.provision`, `wallets.refreshBalance`                                            |
| Policies           | `policies.list`, `policies.create`, `policies.get`, `policies.update`, `policies.delete` |
| Policy rules       | `policies.addRule`, `policies.addRules`, `policies.updateRule`, `policies.deleteRule`    |

## Scopes

Admin SDK methods use organization API key scopes. Read methods need the matching `*:read` scope.
Create, update, delete, link, assign, provision, freeze, and revoke methods need the matching
`*:write` or admin scope. See [Authentication](/sdk/authentication#admin-sdk-keys) for key creation
and rotation.

## Security notes

* Organization keys can manage all agents and wallets in the organization.
* Prefer scoped keys for CI and provisioning jobs.
* Rotate keys regularly and revoke unused keys.
* Billing plan changes require an owner dashboard session, not an organization API key.

## Related

<CardGroup cols={2}>
  <Card title="Authentication" icon="key" href="/sdk/authentication">
    Key types, scopes, and rotation
  </Card>

  <Card title="Payments" icon="credit-card" href="/sdk/payments">
    Agent runtime payment calls
  </Card>

  <Card title="Policies" icon="shield" href="/policies/overview">
    Policy types and evaluation behavior
  </Card>

  <Card title="API Reference" icon="server" href="/api/reference">
    OpenAPI and REST reference links
  </Card>
</CardGroup>
