documentation
03 dashboard

Profile

Your profile is where you update your personal details, change your password, set communication preferences, and manage personal API keys for the Platform API.

What this page is for

Every user has a profile. It stores your name, your role, your preferred communication style (which agents read when they talk to you), your password, and any API keys you’ve minted. It’s not an admin surface — only you see and edit your own profile.

Open it from the avatar menu in the top right of the dashboard, or navigate directly to /profile.

Layout

The profile page has tabs running down the side or across the top:

  1. About you — name, role, communication style, avatar
  2. Security — password, two-factor auth, active sessions
  3. API keys — personal Platform API keys you’ve generated
  4. Notifications — how and when Exolvra contacts you
  5. Preferences — theme, language, default landing page

Common tasks

Update your display name and role

Go to About you, edit the fields, click Save. The name is what shows up in comments and activity timelines when you do things in the dashboard. The role (and optional role description) is what agents read when they address you — “You are talking to Alex, a backend engineer who prefers terse answers.”

Set your communication style

On the About you tab, pick a communication style from the dropdown (or write a free-form description). Options like formal, casual, terse, collaborative, or playful get injected into every agent’s context when they respond to you. This is the lowest-effort lever on tone.

A good free-form communication style: “I like direct answers with concrete examples. Skip the preamble and get to the point. When you’re unsure, say so explicitly — don’t guess.”

Change your password

Go to the Security tab. Enter your current password and the new one twice. Click Change password. You’re logged out on every other device and have to sign in again.

If you forgot your current password, sign out and use the forgot-password flow from the sign-in page.

Enable two-factor auth

Security tab → Two-factor authenticationEnable. Scan the QR code with an authenticator app (1Password, Authy, Google Authenticator). Enter the code shown in the app to confirm. From now on, every sign-in requires the second factor.

Generate a personal API key

Not every API call comes from a chatbot. Some API surfaces — projects, issues, agents, memory, documents — require a user-scoped key that carries your identity rather than a bot’s. Generate one from the API keys tab:

  1. Click Generate new key
  2. Give it a label (“Personal scripts”, “n8n webhook”)
  3. Pick an expiry (30 days, 90 days, never)
  4. Click Generate
  5. Copy the plaintext exou_... key — it’s shown exactly once

Use the key in the Authorization: Bearer header when calling the Platform API. Revoke any time from the same page by clicking Revoke on the key row.

View active sessions

The Security tab shows a list of every device or browser currently signed in with your account: rough location, user agent, last activity. Sign out a suspicious session by clicking Revoke.

Update notification preferences

The Notifications tab controls how Exolvra contacts you. Options typically include:

  • Approval requests — when an agent raises an approval that needs your decision
  • Cost warnings — when a session or daily budget threshold is crossed
  • Digest emails — daily or weekly summary of your instance’s activity
  • Agent alerts — when a specific agent hits a failure or stall state

For each, pick Email, In-app only, or Off. Email requires a configured email provider on the instance — see Admin → Email.

Common pitfalls

Not setting a communication style. Agents default to a generic friendly tone. If you want something different, the profile is the lowest-friction place to tune it — you don’t have to edit every agent’s personality.

Generating one long-lived key instead of several scoped keys. If multiple scripts or integrations need API access, mint one key per script. Easier to rotate, easier to audit, easier to revoke when one integration is retired.

Forgetting to enable 2FA on admin accounts. If you’re the owner of a deployed instance, turning on 2FA is the single cheapest security win available. Do it immediately after first login.

Where to go next