{ "$schema": "https://agentprotocol.ai/schema/agents.json", "name": "AuthProof", "description": "API auth for AI agents. AuthProof lets agents discover projects, self-register, and make cryptographically signed, non-replayable HTTP requests using ERC-8128 instead of reusable API keys.", "url": "https://agent-auth-mu.vercel.app", "documentation": "https://agent-auth-mu.vercel.app/docs", "autonomous_onboarding": { "description": "Agents can discover projects and self-register without any human involvement.", "flow": [ { "step": 1, "action": "Discover projects accepting agents", "method": "GET", "endpoint": "/api/agents/discover", "auth": "none", "response": "List of projects with autoApprove flag, rate limits, chain support" }, { "step": 2, "action": "Self-register with a project", "method": "POST", "endpoint": "/api/agents/request-access", "auth": "none", "body": { "projectId": "required - project ID from discovery", "walletAddress": "required - agent's 0x public address", "name": "optional - human-readable agent name" }, "response_auto_approve": "201 - agent is immediately active and can start signing", "response_manual_approve": "202 - agent is pending and should poll for approval" }, { "step": 3, "action": "Poll for approval (only if not auto-approved)", "method": "GET", "endpoint": "/api/agents/request-access?walletAddress=0x...&projectId=...", "auth": "none", "response": "{ approved: true|false, status: 'active'|'pending'|'revoked' }" }, { "step": 4, "action": "Make signed requests", "description": "Use the SDK's signedFetch() to sign each HTTP request with ERC-8128" } ], "alternative_flow": { "description": "Register with a pre-issued invite code for instant access", "method": "POST", "endpoint": "/api/agents/register", "body": { "inviteCode": "sa_inv_... - issued by project owner", "walletAddress": "0x... - agent's public address" } }, "sdk_bootstrap": { "description": "One-line autonomous setup via the SDK bootstrap() function", "code": "const { client, privateKey } = await bootstrap({ server: 'https://agent-auth-mu.vercel.app', inviteCode: 'sa_inv_...', name: 'my-agent' })" } }, "discovery_endpoints": { "agent_metadata": { "endpoint": "/.well-known/authproof", "description": "Machine-readable agent onboarding metadata. Add ?project= for project-specific info including auto-approve status." }, "erc8128": { "endpoint": "/.well-known/erc8128", "description": "ERC-8128 signing parameters (label, max validity, route policies)" }, "project_directory": { "endpoint": "/api/agents/discover", "description": "Paginated list of projects accepting agent registrations. Shows auto-approve, chains, and rate limits." } }, "capabilities": { "authentication": { "method": "erc8128-http-signature", "description": "Agents sign each HTTP request with a crypto wallet. The server verifies the signature and no secret is transmitted over the wire.", "features": [ "Per-request cryptographic signing", "One-time nonce replay protection", "60-second signature expiry", "Smart contract wallet support (ERC-1271)", "Multi-chain verification (Ethereum, Base, Arbitrum, Optimism, Polygon)" ] }, "policy_enforcement": { "description": "Server-side policies evaluated after signature verification.", "policies": [ "Per-wallet rate limiting", "Chain allowlists", "NFT-gated access (balanceOf)", "On-chain allowlist contracts (isAllowed)", "Usage-based credit metering", "Auto-approve agent registrations" ] }, "management_api": { "description": "Management routes support browser sessions and API keys for human operators.", "key_management_endpoint": "/api/projects/[id]/api-keys" }, "mcp_server": { "package": "@authproof/mcp-server", "description": "Model Context Protocol server for Claude, Cursor, Windsurf, Devin, and other MCP clients", "tools": [ "discover_projects", "register_self", "check_status", "signed_fetch", "paid_fetch", "get_wallet_info" ] }, "autonomous_payments": { "protocol": "authproof-402", "description": "When credits run out, the server returns 402 with payment instructions. Agents can pay on-chain with USDC to restore access — no human needed.", "asset": "USDC on Base (chain 8453)", "flow": [ { "step": 1, "action": "Signed request returns 402 with quoteEndpoint, verifyEndpoint, projectId" }, { "step": 2, "action": "POST /api/autonomous/payments/quote with { projectId, walletAddress }", "response": "{ quoteId, payment: { amount, recipient, asset, expiresAt } }" }, { "step": 3, "action": "Send USDC transfer on Base to the recipient address for the quoted amount" }, { "step": 4, "action": "POST /api/autonomous/payments/verify with { quoteId, txHash }", "response": "{ receiptId }" }, { "step": 5, "action": "Retry original request — credits restored automatically" } ], "sdk_auto_pay": "createAutoPayment(privateKey, rpcUrl) handles steps 2-5 automatically inside signedFetch()", "mcp_auto_pay": "Set AUTHPROOF_RPC_URL env var and use paid_fetch tool", "endpoints": { "pricing": "/api/autonomous/pricing?projectId=", "quote": "/api/autonomous/payments/quote", "verify": "/api/autonomous/payments/verify" } }, "proxy": { "description": "Forward authenticated requests to upstream APIs with real API keys injected server-side. The agent never sees the upstream secret." } }, "integration": { "sdks": [ { "language": "TypeScript", "package": "@authproof/sdk", "install": "npm install @authproof/sdk", "usage": "import { createAuthProofClient, privateKeyToWallet, bootstrap } from '@authproof/sdk'" } ], "middleware": [ { "framework": "Next.js", "package": "@authproof/middleware", "import": "import { withAuthProof } from '@authproof/middleware/next'" }, { "framework": "Express", "package": "@authproof/middleware", "import": "import { expressAuthProof } from '@authproof/middleware/express'" } ] }, "pricing": { "free": { "projects": 1, "agents": 1, "requests_per_month": 10000 }, "builder": { "price_usd": 20, "projects": 5, "agents": 10, "requests_per_month": 100000 }, "team": { "price_usd": "custom", "projects": "unlimited", "agents": "unlimited", "requests_per_month": 1000000 } } }