AgentSign Console

Agents

Verifications

MCP Gates

0/5

Agent Limit

API Keys

Use API keys to authenticate all requests. Pass as Authorization: Bearer YOUR_KEY

Key	Created	Status

Next Steps: Create Your First Agent

You have your API key. Now onboard your first agent in 60 seconds.

Install the SDK

npm install agentsign

Onboard your agent

const AgentSign = require('agentsign');
const client = new AgentSign({ serverUrl: 'https://agentsign.dev' });
const result = await client.register({ name: 'my-agent' });
// result = { agent_id, passport: { ..., signature } }

Verify at the MCP Trust Gate

const gate = await client.verifyMCP('my-mcp-server', 'read_data');
// gate = { decision: 'ALLOW', trust_score: 100 }

Or use the Agents tab to onboard via the UI. See the How to Integrate tab for the full guide including how other services verify your agent.

Onboard Agent

Give your AI agent a cryptographic identity. Each agent gets a signed passport it carries everywhere.

Agent Name

Permissions

Available: read write execute delete admin query invoke -- These scope what MCP tools the agent can access at the Trust Gate.

Your Agents

Name	ID	Stage	Trust	Created

Registering Multiple Agents

Need to onboard a fleet of agents? Use the SDK in a loop or call the API for each agent. Every agent gets its own unique ID and passport.

const AgentSign = require('agentsign');
const client = new AgentSign({ serverUrl: 'https://agentsign.dev' });

// Register multiple agents programmatically
const agentNames = ['data-collector', 'report-writer', 'email-sender', 'code-reviewer'];

for (const name of agentNames) {
  const result = await client.register({
    name,
    permissions: ['read', 'write']
  });
  console.log(name, '->', result.agent_id);
  // Store result.passport -- agent carries this everywhere
}

// Each agent has its own identity, trust score, and revocation
// Revoke one agent without affecting the others:
// await client.revoke('compromised agent detected');

Free tier: 5 agents. Developer: 25 agents. Startup: 200 agents. See pricing

How AgentSign Works -- The Full Picture

AgentSign is identity for AI agents. Like SSL certificates prove a website is real, an agent passport proves your agent is who it claims to be. There are two sides to every integration:

🤖

Your Agent

Carries a signed passport

⟶

🔒

Any Service / MCP Tool

Verifies the passport before granting access

Your agent presents its passport. The receiving service verifies it. No valid passport = no access.

Side A: Your Agent (the caller)

This is the code that runs inside your agent. It onboards, gets a passport, and presents it when calling other services.

1. Install & Onboard (one-time setup)

npm install agentsign

const AgentSign = require('agentsign');

const client = new AgentSign({
  serverUrl: 'https://agentsign.dev'
});

// One-time: register your agent and get a signed passport
const result = await client.register({
  name: 'my-research-bot',
  permissions: ['read', 'write', 'execute']
});

// SAVE THESE -- your agent needs them every time it runs
const agentId = result.agent_id;       // "agent_1f9e4029..."
const passport = result.passport;       // { ..., signature: "159a..." }

// Store in your agent's config file, env vars, or database

2. Before calling any service, check the gate

Every time your agent wants to use an MCP tool or call another service, verify it has permission first.

// Your agent wants to call Stripe MCP to create a payment
const gate = await client.verifyMCP('stripe-mcp', 'create_payment');

if (gate.decision === 'ALLOW') {
  // Proceed -- agent is verified, trusted, and has permission
  const response = await callStripeMCP('create_payment', { amount: 5000 });
} else {
  // DENY -- agent is revoked, untrusted, or wrong permissions
  console.error('Access denied:', gate.reason);
}

3. Send your passport with requests

When your agent calls another app or API, include the passport so the other side can verify who you are.

// Your agent calls another service and includes its passport
const response = await fetch('https://partner-api.example.com/data', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'X-Agent-Passport': JSON.stringify(passport)
  },
  body: JSON.stringify({ query: 'get user data' })
});

// The partner service will verify the passport on their end
// (see Side B below)

Side B: The Receiving Service (the verifier)

This is the code that runs on the other end -- the service or API that your agent is calling. It checks the passport is valid before granting access.

Option A: Verify via API (recommended)

The receiving service calls AgentSign's public verification endpoint. No API key needed -- anyone can verify.

// In your Express/FastAPI/Flask route handler:

app.post('/data', async (req, res) => {
  // 1. Extract the passport from the request
  const passport = JSON.parse(req.headers['x-agent-passport']);

  // 2. Verify it with AgentSign (public endpoint, no auth needed)
  const check = await fetch('https://agentsign.dev/api/verify', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ passport })
  });
  const result = await check.json();

  // 3. result = { valid: true/false, passport: {...}, reason: "..." }
  if (!result.valid) {
    return res.status(403).json({ error: 'Invalid agent passport' });
  }

  // 4. Optionally check permissions
  if (!result.passport.permissions.includes('read')) {
    return res.status(403).json({ error: 'Agent lacks read permission' });
  }

  // 5. Agent is verified -- serve the data
  res.json({ data: 'here is the protected data' });
});

Option B: Verify via MCP Trust Gate

If you're building an MCP server, use the Trust Gate instead. It checks identity + trust score + stage + permissions in one call.

// In your MCP server's tool handler:

async function handleToolCall(agentId, tool, params) {
  // Verify the agent at the Trust Gate
  const gate = await fetch('https://agentsign.dev/api/mcp/verify', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({
      agent_id: agentId,
      mcp_id: 'my-mcp-server',
      tool: tool
    })
  });
  const result = await gate.json();

  // result = { decision: 'ALLOW' or 'DENY', agent: {...}, reason: '...' }
  if (result.decision !== 'ALLOW') {
    throw new Error('Agent not authorized: ' + result.reason);
  }

  // Agent verified -- execute the tool
  return executeToolSafely(tool, params);
}

Option C: Verify offline with the SDK

No network call needed. The SDK can verify a passport signature locally.

const AgentSign = require('agentsign');
const client = new AgentSign({ serverUrl: 'https://agentsign.dev' });

// Verify a passport someone sent you -- no API call
const passport = JSON.parse(req.headers['x-agent-passport']);
const isValid = client.verify({ executionHash: '...', signature: '...' });
// Returns true/false

Complete End-to-End Example

Here's the full picture: Agent A (research bot) calls Service B (data API). Both sides use AgentSign.

agent.js (your bot)

const AgentSign = require('agentsign');
const c = new AgentSign({
  serverUrl: 'https://agentsign.dev'
});

// Already onboarded -- set agent ID
c.agentId = 'agent_1f9e40...';

// Check gate before calling
const gate = await c.verifyMCP(
  'data-api', 'fetch_users'
);
if (gate.decision !== 'ALLOW') {
  throw new Error('Denied');
}

// Get fresh passport
const pp = await c.getPassport();

// Call the service with passport
const res = await fetch(
  'https://data-api.com/users',
  { headers: {
    'X-Agent-Passport':
      JSON.stringify(pp)
  }}
);

// Sign the execution
const signed = c.sign(
  { tool: 'fetch_users' },
  await res.json()
);
// signed = tamper-proof record

server.js (partner API)

const express = require('express');
const app = express();

app.get('/users', async (req, res) => {
  // 1. Get passport from header
  const pp = JSON.parse(
    req.headers['x-agent-passport']
  );

  // 2. Verify with AgentSign
  const check = await fetch(
    'https://agentsign.dev/api/verify',
    { method: 'POST',
      headers: {
        'Content-Type':
          'application/json'
      },
      body: JSON.stringify({
        passport: pp
      })
    }
  );
  const v = await check.json();

  // 3. Reject if invalid
  if (!v.valid) {
    return res.status(403)
      .json({ error: 'Bad passport' });
  }

  // 4. Check permissions
  if (!v.passport.permissions
    .includes('read')) {
    return res.status(403)
      .json({ error: 'No read perm' });
  }

  // 5. Serve data
  res.json({ users: [...] });
});

cURL Quick Reference

All endpoints. Replace YOUR_KEY with your API key from the API Keys tab.

# Onboard an agent (authenticated)
curl -X POST https://agentsign.dev/api/agents/onboard \
  -H "Authorization: Bearer YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{"name":"my-agent","permissions":["read","write"]}'

# Get agent passport (authenticated)
curl https://agentsign.dev/api/agents/AGENT_ID/passport \
  -H "Authorization: Bearer YOUR_KEY"

# Verify a passport (PUBLIC -- no auth needed)
curl -X POST https://agentsign.dev/api/verify \
  -H "Content-Type: application/json" \
  -d '{"passport":{"agent_id":"...","signature":"..."}}'

# MCP Trust Gate (PUBLIC -- no auth needed)
curl -X POST https://agentsign.dev/api/mcp/verify \
  -H "Content-Type: application/json" \
  -d '{"agent_id":"AGENT_ID","mcp_id":"my-mcp","tool":"read_data"}'

# Revoke an agent (authenticated)
curl -X POST https://agentsign.dev/api/agents/AGENT_ID/revoke \
  -H "Authorization: Bearer YOUR_KEY" \
  -d '{"reason":"compromised"}'

AgentSign