Quickstart

Give your AI agent a cryptographic identity in 60 seconds. Three calls. That's it.

How it works (the whole thing)

  YOU (Developer)              YOUR AGENT                  ANY SERVICE / MCP
  ─────────────               ──────────                  ─────────────────
  1. Sign up ─────────────→ get API key
  2. Onboard agent ───────→ get signed passport
                              │
                              │  sends passport in header
                              ├──────────────────────────→ 3. Verifies passport
                              │                             POST /api/verify
                              │                             { valid: true } ✓
                              │
                              │  calls MCP tool
                              ├──────────────────────────→ 4. Trust Gate check
                              │                             POST /api/mcp/verify
                              │                             { decision: "ALLOW" } ✓

The passport is a signed JSON object. Tamper with it and verification fails. Revoke the agent and all gates deny instantly.

Step 1 Create an Account

One POST or use the console. No credit card.

curl -X POST https://agentsign.dev/api/auth/register \
  -H "Content-Type: application/json" \
  -d '{"email": "you@company.com", "password": "YourPass123!"}'

# Response:
# {
#   "account_id": "acc_...",
#   "api_key": "as_live_...",   <-- save this!
#   "tier": "free"
# }

Step 2 Onboard Your Agent

Register your agent. It gets a signed passport immediately.

curl -X POST https://agentsign.dev/api/agents/onboard \
  -H "Authorization: Bearer as_live_YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{"name": "my-agent", "permissions": ["read", "write"]}'

# Response:
# {
#   "agent_id": "agent_abc123...",
#   "passport": {
#     "agent_id": "agent_abc123...",
#     "name": "my-agent",
#     "permissions": ["read", "write"],
#     "trust_score": 100,
#     "stage": "ACTIVE",
#     "signature": "a1b2c3d4e5...",   <-- cryptographic proof
#     "expires_at": "2026-03-13T..."
#   }
# }

Step 3 Your Agent Sends the Passport

Your agent attaches the passport when calling any service. The receiving service verifies it.

# YOUR AGENT CODE -- attach passport to outgoing requests
passport = get_passport()  # the JSON from Step 2
response = requests.post("https://partner-api.com/data", headers={
    "X-Agent-Passport": json.dumps(passport)
})

# PARTNER SERVICE CODE -- verify before granting access
passport = json.loads(request.headers["X-Agent-Passport"])
check = requests.post("https://agentsign.dev/api/verify", json={"passport": passport})

if check.json()["valid"]:
    # ✓ Agent is who it says it is. Grant access.
else:
    # ✗ Tampered, expired, or revoked. Return 403.

The verify endpoint is public -- no API key needed. Any service can verify any passport.

Step 4 MCP Trust Gate

Before an MCP server grants tool access, it checks the agent's identity and permissions:

curl -X POST https://agentsign.dev/api/mcp/verify \
  -H "Content-Type: application/json" \
  -d '{"agent_id": "agent_abc123...", "mcp_id": "stripe-mcp", "tool": "create_payment"}'

# Agent has "write" permission? Trust score OK? Stage ACTIVE?
# → { "decision": "ALLOW", "trust_score": 100, "stage": "ACTIVE" }

# Agent lacks "execute" permission for delete_records?
# → { "decision": "DENY", "reason": "Missing permission: execute" }

Step 5 Revoke (Kill Switch)

Agent compromised? One call. Trust drops to zero. All gates deny immediately.

curl -X POST https://agentsign.dev/api/agents/AGENT_ID/revoke \
  -H "Authorization: Bearer as_live_YOUR_KEY" \
  -d '{"reason": "compromised"}'

# Trust score: 0. Every verify and gate check now returns DENY.

Node.js SDK

npm install agentsign
const AgentSign = require('agentsign');

const client = new AgentSign({
  serverUrl: 'https://agentsign.dev',
  apiKey: 'as_live_YOUR_KEY'
});

// Register + onboard agent
const { agent_id, passport } = await client.register({
  name: 'my-agent',
  permissions: ['read', 'write']
});

// Get passport anytime
const pp = await client.getPassport();
console.log(pp.signature); // cryptographic proof

// Check MCP tool access
const gate = await client.verifyMCP('stripe-mcp', 'create_payment');
console.log(gate.decision); // "ALLOW"

// Revoke if compromised
await client.revoke('compromised');

Python (curl wrapper)

No Python SDK yet -- use the REST API directly. It's 3 curl calls:

import requests

HOST = "https://agentsign.dev"
KEY = "as_live_YOUR_KEY"

# Onboard
agent = requests.post(f"{HOST}/api/agents/onboard",
    headers={"Authorization": f"Bearer {KEY}"},
    json={"name": "my-agent", "permissions": ["read", "write"]}
).json()

passport = agent["passport"]

# Verify (public, no auth needed)
check = requests.post(f"{HOST}/api/verify",
    json={"passport": passport}
).json()
print(check["valid"])  # True

# MCP Gate
gate = requests.post(f"{HOST}/api/mcp/verify",
    json={"agent_id": agent["agent_id"], "mcp_id": "my-mcp", "tool": "query"}
).json()
print(gate["decision"])  # "ALLOW"

Ready to start?

Create Free Account