links.10x.in/docs/end-user/smartwork-openanalyst-access-and-desktop-pairing Published:

Smartwork and OpenAnalyst Access

Use 10x browser-first for sign-in and launch, then pair the desktop app in the browser when you need a local runtime.

Canonical production hosts

HostPurpose
https://app.10x.inBrowser-first control surface for launch, sign-in handoff, and product UI
https://ai.10x.inCanonical production API base for session checks and desktop auth endpoints
https://login.connect.10x.inShared Connect sign-in host backed by the 10x identity plane

Note

Handle hosts and custom domains stay visitor-facing. Start management, launch, and pairing from https://app.10x.in, not from a handle subdomain.

Browser access flow

  1. Open https://app.10x.in and navigate into Smartwork or OpenAnalyst.
  2. If you are not signed in, the browser is redirected to https://login.connect.10x.in.
  3. After sign-in, the browser returns to the app with an authenticated session.
  4. The app resolves product access by calling GET https://ai.10x.in/v2/account/openanalyst/me.
  5. A 401 means you need to sign in or refresh the session. A 200 means the session and OpenAnalyst entitlement context are ready.

Desktop pairing flow

The desktop app no longer uses a local password form. Pairing starts from the app or desktop shell and finishes in the browser.

  1. Start pairing from the Smartwork/OpenAnalyst connect action.
  2. The client initiates POST https://ai.10x.in/oauth/openanalyst/desktop/start with a deviceProofChallenge.
  3. A successful response returns an attemptId and an authorizeUrl.
  4. Open the authorizeUrl in the browser and complete sign-in on https://login.connect.10x.in.
  5. The desktop app redeems the authorized attempt and stores its local relay/session configuration.

Expected API behavior

These are contract-level behaviors. Most users should let the app or desktop client make these calls.

RouteSituationExpected result
POST /oauth/openanalyst/desktop/startMissing or empty deviceProofChallenge400 invalid_request
POST /oauth/openanalyst/desktop/startValid-looking deviceProofChallenge and healthy backend storage200 with attemptId and authorizeUrl
GET /v2/account/openanalyst/meNo valid browser/API session401
GET /v2/account/openanalyst/meAuthenticated and entitled user200

Integration boundary

  • Use https://app.10x.in for browser entry and product launch.
  • Use https://ai.10x.in for scripted API calls.
  • Use JWT-backed sessions for Smartwork/OpenAnalyst control-plane access.
  • Use PATs for documented handle automation routes, not for GET /v2/account/openanalyst/me.

For generic token guidance, see API Auth and Error Model and JWT vs PAT: When to Use Each.

Troubleshooting

  • If the browser keeps redirecting, sign out, then relaunch from https://app.10x.in.
  • If desktop pairing does not complete, retry the browser authorization step from the app instead of entering credentials locally.
  • If GET /v2/account/openanalyst/me returns 401, re-authenticate before retrying product actions.
  • If you still cannot launch or pair, use Troubleshooting and Support and include any request IDs or screenshots.