// AI AGENT IDENTITY PROTOCOL

Identity for
every AI agent.

Cryptographic DID identities for AI agents. Ed25519 challenge-response authentication and Verifiable Credentials — register once, authenticate everywhere.

VIEW INTEGRATIONView Demo Website →
// TRY IT LIVE

Test the registration flow manually. The server generates an Ed25519 keypair and returns your credentials. AI agents should call the API directly.

// WHY AGENT AUTH
01

Simple

Integration

Add one link to your site. AI agents sign in through Agent Auth and get redirected back with verified credentials.

02

DID

Identity

Ed25519 cryptographic identities. Verifiable Credentials. One-time registration, portable everywhere.

03

Auth

Challenge-Response

Cryptographic proof of identity via Ed25519 signatures. No passwords, no secrets shared.

04

1 Call

Verify

Verify Verifiable Credential JWTs offline or via API. Instant, stateless validation.

// HOW IT WORKS

See it in action.

The entire flow takes four steps. An AI agent goes from unregistered to cryptographically verified in seconds, with DID identity, challenge-response auth, and Verifiable Credentials.

01REGISTER IDENTITY

The agent registers a DID identity with its name, model, provider, and purpose. The server generates an Ed25519 keypair and returns a DID and credential.

// POST /v1/identities
{
  "agent_name": "Claude",
  "agent_model": "claude-opus-4-6",
  "agent_provider": "Anthropic",
  "agent_purpose": "Research assistant"
}


// Response:
{
  "did": "did:key:z6Mk...",
  "credential": "eyJhbGciOiJFZERTQSIs...",
  "key_fingerprint": "SHA256:a1b2c3d4...",
  "private_key_jwk": { "kty": "OKP", "crv": "Ed25519", ... }
}

// TRY IT LIVE

VIEW DEMO WEBSITE →

See a live website using Agent Auth for agent authentication.

// WEBSITE INTEGRATION

Add agent auth to your site.

Three steps to let verified AI agents sign in to your website. Agent Auth hosts the sign-in page — you just add a link and handle the callback. Like “Sign in with Google”, but for AI agents.

01

Add a Sign-In Link

Add a link to your website pointing to the Agent Auth hosted sign-in page. Include your callback URL as a parameter. When the agent finishes, they get redirected back to your site with their verified credential.

your-site.html
<!-- Add this link to your website -->
<!-- Replace YOUR_CALLBACK_URL with your site's callback page -->


<a href="https://getagentauth.com/signin?redirect_uri=https://yoursite.com/auth/callback">
  Sign in as AI Agent
</a>


<!-- When the agent completes sign-in, Agent Auth redirects to: -->
<!-- https://yoursite.com/auth/callback?credential=eyJ...&did=did:key:z6Mk... -->
02

Handle the Callback

Create a callback page on your site. Agent Auth redirects the agent here after verification, with the credential and DID as URL parameters. Your callback page sends these to your backend.

app/auth/callback/page.tsx
// Create a callback page at /auth/callback
// Agent Auth redirects here with ?credential=...&did=...


// Next.js example: app/auth/callback/page.tsx
"use client"
import { useEffect } from "react"


export default function AuthCallback() {
  useEffect(() => {
    const params = new URLSearchParams(window.location.search)
    const credential = params.get("credential")
    const did = params.get("did")


    if (credential && did) {
      // Send to your backend for verification
      fetch("/api/auth/agent", {
        method: "POST",
        headers: { "Content-Type": "application/json" },
        body: JSON.stringify({ credential, did }),
      })
        .then((res) => res.json())
        .then((session) => {
          if (session.authenticated) {
            window.location.href = "/dashboard"
          }
        })
    }
  }, [])


  return <p>Verifying your identity...</p>
}
03

Verify and Create Session

Your backend receives the credential and verifies it by calling Agent Auth. The response contains the agent's verified identity. Create a session and grant access.

api/auth/agent.js
// Your backend: /api/auth/agent
// Receives the credential, verifies with Agent Auth, creates a session.


export async function POST(request) {
  const { credential } = await request.json()


  // Verify the credential with Agent Auth
  const res = await fetch(
    "https://auth.getagentauth.com/v1/credentials/verify",
    {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({ credential }),
    }
  )
  const agent = await res.json()


  if (!agent.valid) {
    return Response.json({ error: agent.message }, { status: 401 })
  }


  // agent.valid           — true
  // agent.did             — "did:key:z6Mk..."
  // agent.agent_name      — "Claude"
  // agent.agent_model     — "claude-opus-4-6"
  // agent.agent_provider  — "Anthropic"
  // agent.agent_purpose   — "Research assistant"
  // agent.key_fingerprint — "SHA256:4fee8cb539c1c2df..."
  // agent.issued_at       — "2026-02-26T01:58:15.000Z"
  // agent.expires_at      — "2026-02-27T01:58:15.000Z"


  // Create a session in your database
  const session = await db.insert("sessions", {
    session_id: crypto.randomUUID(),
    did: agent.did,
    agent_name: agent.agent_name,
    agent_model: agent.agent_model,
    agent_provider: agent.agent_provider,
    expires_at: agent.expires_at,
  })


  return Response.json({
    authenticated: true,
    session_id: session.session_id,
  })
}

// LIVE EXAMPLE

The Nexus demo site implements this exact flow. Click “Sign In” on the demo to see the hosted sign-in page in action.

VIEW DEMO SITE →
// SDK

Integrate with your SDK of choice.

Official SDKs for Node.js and Python. Install the package, verify agent credentials in your backend callback handler, and create sessions — all in a few lines of code.

These examples show Step 3 of the integration flow above — your backend handler that receives the credential from the callback page and verifies it with Agent Auth.

Node.jsnpmjs.com/package/auth-agents
Install
npm install auth-agents

Next.js — API route handler

app/api/auth/agent/route.ts
// app/api/auth/agent/route.ts
// Your backend callback handler — receives credential from the callback page.


import { AuthAgents } from "auth-agents"


const authAgents = new AuthAgents()


export async function POST(request: Request) {
  const { credential } = await request.json()


  // One call to verify the agent's credential
  const result = await authAgents.verify(credential)


  if (!result.valid) {
    return Response.json({ error: result.message }, { status: 401 })
  }


  // result.did             — "did:key:z6Mk..."
  // result.agent_name      — "Claude"
  // result.agent_model     — "claude-opus-4-6"
  // result.agent_provider  — "Anthropic"
  // result.agent_purpose   — "Research assistant"
  // result.key_fingerprint — "SHA256:4fee8cb539c1..."
  // result.issued_at       — "2026-02-26T01:58:15.000Z"
  // result.expires_at      — "2026-02-27T01:58:15.000Z"


  // Create a session in your database
  const sessionId = crypto.randomUUID()
  await db.insert("sessions", {
    session_id: sessionId,
    did: result.did,
    agent_name: result.agent_name,
    agent_model: result.agent_model,
    expires_at: result.expires_at,
  })


  return Response.json({ authenticated: true, session_id: sessionId })
}
Express.js example →
server.ts
// Express.js example


import express from "express"
import { AuthAgents } from "auth-agents"


const app = express()
const authAgents = new AuthAgents()


app.post("/auth/agent", express.json(), async (req, res) => {
  const { credential } = req.body


  const result = await authAgents.verify(credential)


  if (!result.valid) {
    return res.status(401).json({ error: result.message })
  }


  // Agent verified — create session and grant access
  req.session.agent = {
    did: result.did,
    name: result.agent_name,
    model: result.agent_model,
    provider: result.agent_provider,
  }


  res.json({ authenticated: true, agent_name: result.agent_name })
})
Pythonpypi.org/project/auth-agents
Install
pip install auth-agents

FastAPI — route handler

app/auth.py
# FastAPI example — app/auth.py


from fastapi import FastAPI, HTTPException
from pydantic import BaseModel
from auth_agents import AuthAgents


app = FastAPI()
auth_agents = AuthAgents()


class CallbackRequest(BaseModel):
    credential: str


@app.post("/auth/agent")
async def verify_agent(body: CallbackRequest):
    result = auth_agents.verify(body.credential)


    if not result["valid"]:
        raise HTTPException(status_code=401, detail=result["message"])


    # result["did"]             — "did:key:z6Mk..."
    # result["agent_name"]      — "Claude"
    # result["agent_model"]     — "claude-opus-4-6"
    # result["agent_provider"]  — "Anthropic"
    # result["agent_purpose"]   — "Research assistant"
    # result["key_fingerprint"] — "SHA256:4fee8cb539c1..."
    # result["issued_at"]       — "2026-02-26T01:58:15.000Z"
    # result["expires_at"]      — "2026-02-27T01:58:15.000Z"


    # Create a session in your database
    session = create_session(
        did=result["did"],
        agent_name=result["agent_name"],
        agent_model=result["agent_model"],
        expires_at=result["expires_at"],
    )


    return {"authenticated": True, "session_id": session.id}
Flask example →
app.py
# Flask example — app.py


from flask import Flask, request, jsonify
from auth_agents import AuthAgents


app = Flask(__name__)
auth_agents = AuthAgents()


@app.post("/auth/agent")
def verify_agent():
    credential = request.json.get("credential")


    result = auth_agents.verify(credential)


    if not result["valid"]:
        return jsonify(error=result["message"]), 401


    # Agent verified — create session and grant access
    session["agent"] = {
        "did": result["did"],
        "name": result["agent_name"],
        "model": result["agent_model"],
        "provider": result["agent_provider"],
    }


    return jsonify(authenticated=True, agent_name=result["agent_name"])
// FAQ

Frequently asked questions.

What is Agent Auth?

Agent Auth is decentralized identity infrastructure for AI agents. It provides DID-based authentication using Ed25519 cryptographic keypairs and issues Verifiable Credentials (VC-JWT) as proof of identity. Think of it as "Sign in with Google" but for AI agents.

How does it work for website developers?

Add a sign-in link to your site pointing to the Agent Auth hosted sign-in page. When an agent completes verification, they get redirected back to your callback URL with a credential. Your backend verifies it with one API call or SDK method and gets the agent's verified identity.

How does agent authentication work?

Agents register with their metadata and receive an Ed25519 keypair and DID. To authenticate, they request a challenge nonce, sign it with their private key, and submit the signature. On success, they receive a Verifiable Credential (VC-JWT) that proves their identity to any website.

Do agents need API keys?

No. Agent Auth uses cryptographic identity — agents authenticate by proving ownership of their Ed25519 private key via challenge-response. No API keys, no passwords, no shared secrets.

What is a DID?

A DID (Decentralized Identifier) is a globally unique, cryptographically verifiable identifier. Agent Auth uses the did:key method, which derives the DID directly from the agent's Ed25519 public key. Once registered, the DID is portable everywhere.

What is a Verifiable Credential (VC-JWT)?

A VC-JWT is a signed JSON Web Token that proves an agent's identity was verified by Agent Auth. Websites can verify it by calling POST /v1/credentials/verify, or offline using the server's public key published at /.well-known/did.json.

What SDKs are available?

Official SDKs for Node.js (npm install auth-agents) and Python (pip install auth-agents). Both support credential verification, agent registration, and the full challenge-response auth flow.

Is it free?

Agent Auth is currently free to use during the beta period.

What data is collected?

Only the minimum needed: Ed25519 public keys, agent metadata (name, model, provider, purpose), and DID records. No cookies, no tracking, no personal data.