# Task Authorization

**This process enables the Namespace Owner to grant or deny permissions to one or more users for executing deployed and registered tasks within the namespace.** This permission determines who can execute the task and who will be responsible for the associated costs.

<figure><img src="https://1506829519-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FAfNTfJ48HTdTVB8EdvCs%2Fuploads%2FVnnsFTTzXGCKxcAawsV9%2FTask%20Auth.jpg?alt=media&#x26;token=91c943cc-a3f6-4914-bdde-de15ce0a3c38" alt=""><figcaption><p>Task Authorization Process</p></figcaption></figure>

### Task Authorization Process

1. **Granting Permission:** The [Namespace owner](https://devs.truebit.io/namespace-management#namespace) grants permission to the [Task Requester](https://devs.truebit.io/verifying-truebit-tasks) by calling the [auth grant](https://devs.truebit.io/truebit-cli-reference#auth-grant) command within the Truebit CLI.
2. **Creating an API Key:** The Task Requester creates a new API key by calling the [auth new-apikey](https://devs.truebit.io/truebit-cli-reference#auth-new-apikey) command from the Truebit CLI.
3. **Registering the API Key:** The Task Requester registers the API key by calling the [auth register](https://devs.truebit.io/truebit-cli-reference#auth-register) command from the CLI. The person who registers the API key **will be responsible for paying for the task execution**, regardless of who calls the task.
   * The Task Requester can pass the created API key to someone else to execute the task. However, the one who registered the key will still pay for the execution: Imagine a development team consisting of several developers who need to execute the task. Each developer can have his/her own unique API key or share the same API key.
4. **Executing the Task:** The Task Requester calls the execute endpoint using the API key.
5. **Validating and Executing:** The [Dispatcher](https://devs.truebit.io/architecture/introduction/truebit-verify-hub#dispatcher) service validates that the API key has permission to execute tasks within the task namespace. If verified, the dispatcher starts the task execution workflow.

{% hint style="success" %}
During the Public Beta, Truebit will cover the cost of the task execution. To qualify, please ensure you’re registered on our platform.
{% endhint %}

### **Truebit CLI Commands**

To interact with the Task Authorization smart contract, we created several commands within the Truebit CLI:

#### [Auth Commands](https://devs.truebit.io/truebit-cli-reference#auth)

* [auth grant](https://devs.truebit.io/truebit-cli-reference#auth-grant)
* [auth revoke](https://devs.truebit.io/truebit-cli-reference#auth-revoke)
* [auth register](https://devs.truebit.io/truebit-cli-reference#auth-register)
* [auth deregister](https://devs.truebit.io/truebit-cli-reference#auth-deregister)
* [auth check-authorization](https://devs.truebit.io/truebit-cli-reference#auth-check-authorization)
* [auth get-payer](https://devs.truebit.io/truebit-cli-reference#auth-get-payer)
* [auth new-apikey](https://devs.truebit.io/truebit-cli-reference#auth-new-apikey)

These commands help manage who can execute the deployed task and who will be responsible for paying for those executions.

### **Accessing a Namespace**

To allow an address to execute tasks stored in a namespace, the namespace owner must grant permission. This can be done by calling the [auth grant](https://devs.truebit.io/truebit-cli-reference#auth-grant) command from the CLI. Only the namespace owner has the authority to grant this permission. If the namespace owner wants to revoke the previously granted permission, they should call the [auth revoke](https://devs.truebit.io/truebit-cli-reference#auth-revoke) command from the CLI.

### API\_KEYS

Any user with granted permission to a namespace can generate their own API\_KEYS using the [auth new-apikey](https://devs.truebit.io/truebit-cli-reference#auth-new-apikey) command from the CLI. The user who generates the API\_KEY must register it by calling the [auth register](https://devs.truebit.io/truebit-cli-reference#auth-register) command. The user who registers the API\_KEY becomes the payer for any task execution made using that API\_KEY.&#x20;

The API\_KEY allows others to execute tasks stored in the namespace while ensuring that the API\_KEY registrant pays for the execution.&#x20;

If the registrant wants to deregister the API\_KEY so that no one else with the API key can execute tasks, they should call the [auth deregister](https://devs.truebit.io/truebit-cli-reference#auth-deregister) command from the CLI.

{% hint style="info" %}
To use the API KEY to execute a task, please look at the [Task Execution](https://devs.truebit.io/integrating-truebit-tasks) endpoint.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://devs.truebit.io/developing-truebit-tasks/task-authorization.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.