Documentation
Everything you need to secure APIs for autonomous agents, authenticate agent identity, and monitor activity in production.
New to AuthProof? Start with Protect an API if you are an API provider, or Authenticate agents if you are building an agent.
Protect an API
Add agent authentication to any API in minutes. Drop-in middleware verifies every request cryptographically — no shared secrets, no API keys to rotate.
Authenticate agents
Give your agent a verifiable identity. Sign every outbound request so APIs know exactly which agent is calling — without transmitting secrets.
Migrate from API keys
Replace long-lived API keys with per-request cryptographic signatures. Run AuthProof alongside existing auth during the transition.
Monitor agent activity
Every request is logged with the agent's verified identity. See who called what, when, and whether it was allowed — in real time.
MCP and framework support
Connect AuthProof to the tools your agents already use. Native support for the Model Context Protocol and popular agent frameworks.
Quick example
Protect an API endpoint and call it from an agent — two files, zero shared secrets.
Server — verify requests
import { withAuthProof } from "@authproof/middleware/next";
export const POST = withAuthProof(config, async (req, ctx) => {
// ctx.actor.address — verified agent identity
return Response.json({ agent: ctx.actor.address });
});Agent — sign requests
import { createAuthProofClient, privateKeyToWallet } from "@authproof/sdk";
const client = createAuthProofClient({
wallet: privateKeyToWallet(process.env.AGENT_PRIVATE_KEY)
});
const res = await client.signedFetch("https://api.example.com/data", {
method: "POST",
body: JSON.stringify({ query: "latest" })
});Agent-facing discovery endpoints: /.well-known/authproof, /.well-known/erc8128, /llms.txt, /agents.json.