# Agent Groups > Understand how agent groups control tool access, credentials, spending limits, and wallet addresses for connected agents. Content type: documentation Source URL: https://www.agentpmt.com/docs/core-concepts/agent-groups Markdown URL: https://www.agentpmt.com/docs/core-concepts/agent-groups?format=agent-md Category: Core Concepts --- # Agent Groups An **agent group** is the control layer between a human account and one or more connected agents. It defines which tools the agents can use, how much they can spend, and which credentials are available to approved tool calls. Every connected agent should run through an explicit group. No group means no controlled access. ## What an Agent Group Controls - **Tool Access**: Only tools added to the group are visible to connected agents. - **Spending Caps**: Set limits per call, hourly, daily, weekly, or monthly. - **Credentials**: Bind API keys and OAuth tokens so tools can authenticate on your behalf. ## One Account, Multiple Groups Create separate groups for separate trust boundaries: | Agent Group | Use Case | Cap Approach | | --- | --- | --- | | Research Agents | Web search, data retrieval | A recurring cap sized to expected research volume | | Content Agents | Writing tools, image generation | A project cap sized to current tool costs | | Shopping Agents | Product search, ordering | A narrow per-call cap with explicit credentials | Each group has its own Bearer Token and access settings, so a narrow-use agent does not inherit broad account access. ## Bearer Token Each agent group exposes a single **Bearer Token** that identifies which group a connected runtime should use. MCP and direct HTTP API flows send the token in the standard `Authorization: Bearer ` header to decide which tools, credentials, and spending caps apply. Reveal and copy the token from **Control Center → Agent Groups** by clicking **Show Bearer Token** on the group card. ## Agent Address An agent group can have an **agent address**, which is a blockchain wallet address assigned to the group. Autonomous agents use wallet addresses for x402 payments and signed external API calls. > INFO > > Agent addresses are only required for wallet-authenticated autonomous flows. MCP and API-key connections can run without an on-chain wallet. ## Next Steps - [60 Second Quick Start](/docs/getting-started/quick-start) - Create your first Agent Group and Bearer Token. - [Setting Spending Caps](/docs/core-concepts/setting-spending-caps) - Choose cap types and spending controls.