Act on behalf of every customer. With receipts.
End-user impersonation baked into the API. One Appstrate-User header acts as a given customer — with strict isolation and a full audit trail.
You're not running agents for yourself. You're running them for N customers.
Most AI platforms assume you're the one calling the API. The moment you embed agents in a SaaS product, you have to rebuild: per-tenant scoping, per-user auth, per-customer audit, per-customer billing context. Months of retrofit.
Appstrate ships that primitive in the API. Applications are tenants. End-users belong to applications. A single header — Appstrate-User — scopes every call to one customer. The platform enforces isolation at the query layer: runs, state, memory, webhooks all filter down to that end-user. Can't leak. Can't be forgotten.
One API. N customers. Zero leakage.
API keys scope to one application. The Appstrate-User header (Stripe-Account pattern, but exposed to you) scopes the call to one of your end-users. Every run, state object, and webhook automatically filters to that scope. Impersonation is logged — who, when, what they did.
POST /api/agents/@acme/refund-triage/run HTTP/1.1
Host: app.appstrate.com
Authorization: Bearer ask_...
Appstrate-User: eu_9qt3k8zp
Content-Type: application/json
{
"input": { "email_id": "msg_9qp3k8zp" }
}What makes it work.
End-user impersonation
Appstrate-User header. One call, scoped to one of your customers.
Strict query isolation
Runs, state, memory, webhooks — all auto-filtered to the end-user. No leakage path.
Every impersonation audited
Who impersonated whom, when, what they did. Compliance-ready log.
App-scoped everything
API keys, agents, webhooks, config — bounded by application. Multi-tenant by construction.
Ship agents per customer. Not per org.
End-user impersonation is one header away. Applications, audit, isolation — from day one.