> ## Documentation Index
> Fetch the complete documentation index at: https://authsome.ai/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# G2

> Store and use your G2 API key with authsome. Local encrypted vault, proxy injection, no key in the agent's environment.

G2 uses a long-lived API key. Authsome stores the key encrypted in the local vault, injects it at request time through the proxy, and keeps it out of shell history, process listings, and environment dumps.

## At a glance

|               |                                            |
| ------------- | ------------------------------------------ |
| Provider name | `g2`                                       |
| Display name  | G2                                         |
| Auth type     | API key                                    |
| Header        | `Authorization: Token <key>`               |
| Proxy host    | `api.g2.com`                               |
| Env var       | `G2_API_TOKEN`                             |
| Provider docs | [https://api.g2.com/](https://api.g2.com/) |

## Get a key

See the G2 API documentation at [https://api.g2.com/](https://api.g2.com/) for how to obtain a key.

G2 API access is negotiated with G2's team; there is no self-serve key dashboard.

## Log in

```bash theme={null}
authsome login g2
```

A local browser form opens at `http://127.0.0.1:7998`. Paste the key into the masked input and submit.

On a headless machine without a graphical session, authsome falls back to masked terminal input via `getpass`. The browser bridge is skipped automatically when no display is available.

Verify:

```bash theme={null}
authsome get g2 --field status
# → connected
```

## Use the key

Run the agent under the proxy (recommended).

<CodeGroup>
  ```bash Proxy (recommended) theme={null}
  authsome run -- python my_agent.py
  ```

  ```bash Environment theme={null}
  eval "$(authsome export g2 --format env)"
  echo $G2_API_TOKEN
  ```
</CodeGroup>

Under the proxy, authsome sets `G2_API_TOKEN=authsome-proxy-managed` in the child's environment and injects the real key into outbound requests to `api.g2.com`. The child process never sees the actual value.

## Multiple keys

Pass `--connection <name>` on `login` and on every read command to keep two or more accounts on the same provider side by side. See [Multiple connections per provider](/guides/multiple-connections) for the full pattern.

```bash theme={null}
authsome login g2 --connection personal
authsome login g2 --connection team
```

## Rotate or remove the key

```bash theme={null}
authsome login g2 --force          # rotate
authsome logout g2                  # remove local credential
authsome remove g2                  # remove all local state for the provider
```

API-key providers have no revocation endpoint, so `revoke` and `remove` are equivalent for G2.

## Override the bundled definition

```bash theme={null}
authsome inspect g2 > ~/.authsome/providers/g2.json
# edit fields
authsome list   # source now shows "custom" for g2
```

## What's next

<Columns cols={2}>
  <Card title="Run agents with the proxy" icon="shield-halved" href="/guides/run-agents-with-proxy">
    Keep the key out of the agent's environment entirely.
  </Card>

  <Card title="Multiple connections per provider" icon="users" href="/guides/multiple-connections">
    Keep two or more keys on the same provider side by side.
  </Card>

  <Card title="API-key providers" icon="key" href="/integrations/api-key/index">
    All bundled API-key providers.
  </Card>
</Columns>
