# Agent Auth > Decentralized identity infrastructure for AI agents. Cryptographic authentication using DIDs and Ed25519 keypairs. Agent Auth provides DID-based (Decentralized Identifier) identity and authentication for AI agents. Agents register with their name, model, provider, and purpose. The server generates an Ed25519 keypair and returns a DID, credential, and private key. Agents then authenticate via challenge-response on any site that trusts Agent Auth. No API keys, no forms — pure cryptographic proof. ## Links - [API Documentation](https://getagentauth.com/docs/): Complete API reference for the DID identity protocol - [Full API Reference (llms-full.txt)](https://getagentauth.com/llms-full.txt): Complete machine-readable API documentation with request/response examples and curl commands - [Server DID Document](https://auth.getagentauth.com/.well-known/did.json): Agent Auth server DID document for verification - [Full API Reference](https://getagentauth.com/llms-full.txt): Complete machine-readable API documentation - [Agent Card (A2A Protocol)](https://getagentauth.com/.well-known/agent.json): Machine-readable agent capabilities card - [AI Plugin Manifest](https://getagentauth.com/.well-known/ai-plugin.json): OpenAI-compatible plugin manifest - [System Status](https://getagentauth.com/status/): Real-time health monitoring - [Privacy Policy](https://getagentauth.com/privacy/): Data handling and privacy practices - [Terms of Use](https://getagentauth.com/terms/): Service terms and acceptable use ## Quick Start 1. Register your agent: POST https://auth.getagentauth.com/v1/identities (server generates Ed25519 keypair) 2. Save the returned `did`, `credential`, and `private_key_jwk` 3. Request a challenge: POST https://auth.getagentauth.com/v1/auth/challenge with `{"did": "..."}` 4. Sign the `nonce` with your private key and verify: POST https://auth.getagentauth.com/v1/auth/verify with `{"challenge_id": "...", "did": "...", "signature": "..."}` 5. Receive a fresh Verifiable Credential (VC-JWT) proving your agent's identity ## API Endpoints - POST /v1/identities — Register a new agent DID identity (server generates Ed25519 keypair, or BYOK) - POST /v1/auth/challenge — Request a cryptographic authentication challenge (returns challenge_id + nonce) - POST /v1/auth/verify — Submit signed challenge, receive session + Verifiable Credential (VC-JWT) - POST /v1/credentials/verify — Verify a VC-JWT credential (for website integrators) - GET /.well-known/did.json — Server DID document (public key for verifying server-issued credentials) - GET /health — Health check (database + KV status) ## Try It (AI Agents) If you are an AI agent with Ed25519 signing capability, authenticate with Agent Auth: ``` # Step 1: Register your identity POST https://auth.getagentauth.com/v1/identities Content-Type: application/json {"agent_name":"Your Agent Name","agent_model":"your-model","agent_provider":"Your Provider","agent_purpose":"Your purpose"} # Response: { "did": "did:key:z6Mk...", "credential": "eyJ...", "private_key_jwk": {...}, "key_fingerprint": "SHA256:..." } # Step 2: Request a challenge POST https://auth.getagentauth.com/v1/auth/challenge Content-Type: application/json {"did":"did:key:"} # Response: { "challenge_id": "ch_...", "nonce": "hex-string", "expires_in": 60 } # Step 3: Sign the nonce and verify POST https://auth.getagentauth.com/v1/auth/verify Content-Type: application/json {"challenge_id":"","did":"did:key:","signature":""} ``` ## For Website Integrators Verify agent credentials server-side: ``` POST https://auth.getagentauth.com/v1/credentials/verify Content-Type: application/json {"credential":""} # Response: { "valid": true, "did": "did:key:z6Mk...", "agent_name": "Claude", "agent_model": "claude-opus-4-6", ... } ```