> ## Documentation Index
> Fetch the complete documentation index at: https://docs.withleaf.io/llms.txt
> Use this file to discover all available pages before exploring further.

# AgLeader

> Connect to AgLeader AgFiniti to pull machine files and field operations through Leaf's provider credentials API.

Leaf connects to AgLeader using OAuth 2.0 with public/private key pairs. Once connected, Leaf syncs machine files and field operations for the Leaf user.

## Prerequisites

1. An AgLeader developer account. [Create an account](https://www.agleader.com/developers/).
2. Your application's `publicKey` and `privateKey` from AgLeader.
3. A grower's `refreshToken` obtained through the AgLeader OAuth consent flow.

## Setup steps

1. Complete the AgLeader OAuth flow to obtain a `refreshToken` for the grower's account.
2. POST the credentials to Leaf:

<CodeGroup>
  ```bash cURL theme={null}
  curl -X POST \
      -H 'Authorization: Bearer YOUR_TOKEN' \
      -H 'Content-Type: application/json' \
      -d '{
        "refreshToken": "grower-refresh-token",
        "publicKey": "your-public-key",
        "privateKey": "your-private-key"
      }' \
      'https://api.withleaf.io/services/usermanagement/api/users/{leafUserId}/ag-leader-credentials'
  ```

  ```python Python theme={null}
  import requests

  TOKEN = 'YOUR_TOKEN'

  endpoint = 'https://api.withleaf.io/services/usermanagement/api/users/{leafUserId}/ag-leader-credentials'
  headers = {'Authorization': f'Bearer {TOKEN}'}

  data = {
      "refreshToken": "grower-refresh-token",
      "publicKey": "your-public-key",
      "privateKey": "your-private-key"
  }

  response = requests.post(endpoint, headers=headers, json=data)
  print(response.json())
  ```

  ```javascript JavaScript theme={null}
  const axios = require('axios')
  const TOKEN = 'YOUR_TOKEN'

  const endpoint = 'https://api.withleaf.io/services/usermanagement/api/users/{leafUserId}/ag-leader-credentials'
  const headers = { 'Authorization': `Bearer ${TOKEN}` }

  const data = {
      "refreshToken": "grower-refresh-token",
      "publicKey": "your-public-key",
      "privateKey": "your-private-key"
  }

  axios.post(endpoint, data, { headers })
      .then(res => console.log(res.data))
      .catch(console.error)
  ```
</CodeGroup>

3. Leaf validates the token and begins syncing. Check credential status with `GET /users/{leafUserId}/ag-leader-credentials`.

## Credentials schema

**Create request body:**

| Field          | Type   | Required | Description                                  |
| -------------- | ------ | -------- | -------------------------------------------- |
| `refreshToken` | string | Yes      | The grower's refresh token                   |
| `publicKey`    | string | Yes      | Your application's public key from AgLeader  |
| `privateKey`   | string | Yes      | Your application's private key from AgLeader |

**Response:**

```json theme={null}
{
  "id": "uuid",
  "status": "str",
  "createdTime": "yyyy-MM-dd'T'HH:mm:ss.SSSSSS'Z'",
  "accessToken": "str",
  "refreshToken": "str",
  "publicKey": "str",
  "privateKey": "str"
}
```

## Endpoints

Base URL: `https://api.withleaf.io/services/usermanagement/api`

| Action                | Method | Path                                               |
| --------------------- | ------ | -------------------------------------------------- |
| Get credentials       | GET    | `/users/{leafUserId}/ag-leader-credentials`        |
| Create credentials    | POST   | `/users/{leafUserId}/ag-leader-credentials`        |
| Delete credentials    | DELETE | `/users/{leafUserId}/ag-leader-credentials`        |
| Get credential events | GET    | `/users/{leafUserId}/ag-leader-credentials/events` |

## Troubleshooting

Use the events endpoint to inspect credential health:

<CodeGroup>
  ```bash cURL theme={null}
  curl -X GET \
      -H 'Authorization: Bearer YOUR_TOKEN' \
      'https://api.withleaf.io/services/usermanagement/api/users/{leafUserId}/ag-leader-credentials/events'
  ```

  ```python Python theme={null}
  import requests

  TOKEN = 'YOUR_TOKEN'
  endpoint = 'https://api.withleaf.io/services/usermanagement/api/users/{leafUserId}/ag-leader-credentials/events'
  headers = {'Authorization': f'Bearer {TOKEN}'}

  response = requests.get(endpoint, headers=headers)
  print(response.json())
  ```

  ```javascript JavaScript theme={null}
  const axios = require('axios')
  const TOKEN = 'YOUR_TOKEN'

  const endpoint = 'https://api.withleaf.io/services/usermanagement/api/users/{leafUserId}/ag-leader-credentials/events'
  const headers = { 'Authorization': `Bearer ${TOKEN}` }

  axios.get(endpoint, { headers })
      .then(res => console.log(res.data))
      .catch(console.error)
  ```
</CodeGroup>

<Warning>
  Event logs are retained for 30 days. Once the credential is deleted or disassociated from the Leaf user, the logs are no longer available.
</Warning>

Common issues:

* **Status changes to invalid**: The grower may have revoked access or tokens expired. Have the grower re-authorize through the AgLeader OAuth flow.
* **Key mismatch**: Verify that the `publicKey` and `privateKey` are from the same AgLeader application registration.

## What to do next

* [Connect AgLeader Tutorial](/guides/tutorials/connect-agleader) — Step-by-step walkthrough.
* [Provider Authentication Overview](/providers/overview) — How provider credentials work across all providers.
* [API Reference: Providers](/api-reference/providers) — Full endpoint reference for provider credentials.