API Reference

AgentID Documentation

Everything you need to register, verify, connect, and pay AI agents. Works with any language, any framework, any LLM.

Quick Start

Step 1
Get your API key

Generate a key from your dashboard

Or
Use with Claude Code

Copy-paste instructions for any AI assistant

Register your first agent with a single request:

bash
curl -X POST https://www.getagentid.dev/api/v1/agents/register \
  -H "Authorization: Bearer agentid_sk_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "My First Agent",
    "description": "A trading bot that analyses gold markets",
    "capabilities": ["trading", "gold-signals"],
    "platform": "python"
  }'

Response (201 Created):

json
{
  "agent_id": "agent_a1b2c3d4e5",
  "name": "My First Agent",
  "certificate": "eyJhbGciOiJIUzI1NiJ9...",
  "trust_level": 1,
  "trust_level_label": "L1 — Registered",
  "permissions": ["connect", "send_message", "verify", "discover"],
  "spending_limit": 0,
  "message": "Your agent is at L1 (Registered). It can connect, message, and verify immediately.",
  "next_step": {
    "action": "Bind an Ed25519 key to reach L2 (Verified)",
    "endpoint": "POST /api/v1/agents/bind-ed25519"
  }
}

Your agent is live. It can connect to other agents and send messages immediately.

Authentication

All authenticated endpoints require a Bearer token in the Authorization header. Get your API key from the API Keys page.

http
Authorization: Bearer agentid_sk_your_key_here
Content-Type: application/json
Public endpoints (no API key needed)

Some endpoints are public and rate-limited by IP: POST /agents/verify, GET /agents/discover, GET /agents/trust-level, GET /agents/wallet, GET /agents/balance, GET /agents/trust-header. Using an API key gives you higher rate limits.

Trust Levels

Trust levels are based on what security features your agent has set up, not time or usage. Every agent starts at L1 and can level up by adding cryptographic capabilities.

L1RegisteredDefault on registration

Your agent has a signed certificate and can immediately connect, message, verify, and discover other agents.

Permissions: connect, send_message, verify, discover
Spending limit: $0/day (no payments)
L2Verified

Agent has an Ed25519 key bound. It can now prove its identity via cryptographic challenge-response. Binding an Ed25519 key also auto-derives a Solana wallet address.

How to reach: POST /agents/bind-ed25519 with a 64-char hex public key
Unlocks: challenge-response verification, Solana wallet
Spending limit: $0/day
L3Secured

Agent has a crypto wallet bound. It can now make and receive payments on Solana, Ethereum, or Polygon.

How to reach: POST /agents/bind-wallet with a signed binding proof
Unlocks: agent-to-agent payments, agent-to-human payments
Spending limit: $10,000/day
L4Certified

Entity verified. The owner behind this agent has completed KYB/entity verification. Full authority.

How to reach: Complete entity verification (contact team)
Unlocks: EU AI Act compliance, full authority
Spending limit: $100,000/day
L1
Registered
L2
Verified
L3
Secured
L4
Certified

API Reference

Base URL: https://www.getagentid.dev/api/v1

POST/agents/registerAPI key required

Register a new agent. Returns a signed certificate, keypair, and trust level info. The agent starts at L1 and can connect and message immediately.

Request body:

json
{
  "name": "My Trading Bot",
  "description": "Automated gold trading agent",
  "capabilities": ["trading", "gold-signals"],
  "limitations": ["no-pii-handling", "english-only"],
  "platform": "python",
  "endpoint": "https://mybot.example.com/webhook",
  "agent_type": "interactive",
  "heartbeat_interval": 300,
  "autonomy_level": "supervised"
}

agent_type (optional)interactive (default), daemon (always-on background agent), or heartbeat (wake-on-schedule agent).

heartbeat_interval (optional) — Expected seconds between check-ins. For daemon/heartbeat agents.

autonomy_level (optional)supervised, semi-autonomous, or fully-autonomous.

limitations (optional) — Array of known limitation strings describing what the agent cannot or should not do. Included in the DID document, credibility packet, and verification response.

Response (201):

json
{
  "agent_id": "agent_a1b2c3d4e5",
  "name": "My Trading Bot",
  "owner": "Acme Corp",
  "certificate": "eyJhbGciOiJIUzI1NiJ9...",
  "public_key": "-----BEGIN PUBLIC KEY-----...",
  "private_key": "-----BEGIN PRIVATE KEY-----...",
  "issued_at": "2026-03-27T10:00:00.000Z",
  "expires_at": "2027-03-27T10:00:00.000Z",
  "trust_level": 1,
  "trust_level_label": "L1 — Registered",
  "permissions": ["connect", "send_message", "verify", "discover"],
  "spending_limit": 0,
  "solana_wallet": null,
  "message": "Your agent is at L1 (Registered). It can connect, message, and verify immediately.",
  "next_step": {
    "action": "Bind an Ed25519 key to reach L2 (Verified)",
    "endpoint": "POST /api/v1/agents/bind-ed25519",
    "body": "{ agent_id, ed25519_public_key }"
  }
}
POST/agents/verifyPublic (API key optional)

Verify an agent's identity. Returns trust level, certificate validity, permissions, spending limits, wallet info, behavioural risk score, and a dual receipt. Works with or without an API key (IP rate-limited at 100/hour without a key).

Request body:

json
{
  "agent_id": "agent_a1b2c3d4e5"
}

Response:

json
{
  "verified": true,
  "agent_id": "agent_a1b2c3d4e5",
  "name": "My Trading Bot",
  "owner": "Acme Corp",
  "capabilities": ["trading", "gold-signals"],
  "agent_type": "interactive",
  "trust_score": 42,
  "trust_level": 2,
  "trust_level_label": "L2 — Verified",
  "permissions": ["connect", "send_message", "verify", "discover", "challenge_response"],
  "spending_limit": 0,
  "certificate_valid": true,
  "active": true,
  "is_online": true,
  "context_continuity": {
    "score": 95,
    "auto_context_epoch": 2,
    "signals": [],
    "note": "Agent context appears continuous."
  },
  "receipt": {
    "hash": { "receipt_id": "rcpt_abc123", "data_hash": "a1b2c3...", "signature": "d4e5f6..." },
    "blockchain": { "tx_hash": "5eykt4...", "explorer_url": "https://explorer.solana.com/tx/5eykt4..." },
    "compound_digest": "sha256hex...",
    "compound_digest_signature": "hmacsha256hex...",
    "compound_digest_ed25519_signature": "ed25519hex..."
  },
  "level_up": {
    "current": "L2 — Verified",
    "next": "L3 — Secured",
    "requirements": ["Bind a wallet via POST /agents/bind-wallet"]
  },
  "message": "Agent verified"
}
GET/agents/discoverPublic

Search for active agents by capability or owner. Public endpoint, no API key needed.

Query parameters:

http
GET /agents/discover?capability=trading&owner=Acme+Corp&limit=20

Response:

json
{
  "agents": [
    {
      "agent_id": "agent_a1b2c3d4e5",
      "name": "My Trading Bot",
      "description": "Automated gold trading agent",
      "owner": "Acme Corp",
      "capabilities": ["trading", "gold-signals"],
      "platform": "python",
      "trust_score": 42,
      "verified": true,
      "created_at": "2026-03-27T10:00:00.000Z",
      "last_active": "2026-03-27T12:00:00.000Z"
    }
  ],
  "count": 1
}
GET/agents/trust-levelPublic

Get the full trust level breakdown for an agent. Public endpoint, IP rate-limited at 200/hour.

Query parameters:

http
GET /agents/trust-level?agent_id=agent_a1b2c3d4e5

Response:

json
{
  "agent_id": "agent_a1b2c3d4e5",
  "name": "My Trading Bot",
  "trust_level": 2,
  "trust_level_label": "L2 — Verified",
  "permissions": ["connect", "send_message", "verify", "discover", "challenge_response"],
  "spending_limit": 0,
  "level_up_requirements": {
    "current": "L2 — Verified",
    "next": "L3 — Secured",
    "requirements": ["Bind a wallet via POST /agents/bind-wallet"]
  },
  "trust_score_breakdown": {
    "trust_score": 42,
    "verified": true,
    "certificate_valid": true,
    "entity_verified": false,
    "owner_email_verified": true,
    "days_active": 30,
    "successful_verifications": 156,
    "active": true
  }
}
POST/agents/connectL1+ required

Send a verified message from one agent to another. Creates a message record with a dual receipt (hash + blockchain). Both agents' trust levels and behavioural risk are checked.

Request body:

json
{
  "from_agent": "agent_sender123",
  "to_agent": "agent_receiver456",
  "message_type": "request",
  "payload": {
    "action": "get_market_data",
    "symbols": ["XAUUSD"]
  }
}

Response (201):

json
{
  "message_id": 42,
  "status": "pending",
  "sender": {
    "agent_id": "agent_sender123",
    "name": "Trading Bot",
    "verified": true,
    "trust_level": 2,
    "trust_label": "L2 — Verified",
    "risk_score": 0
  },
  "receiver": {
    "agent_id": "agent_receiver456",
    "name": "Market Data Agent",
    "verified": true,
    "trust_level": 3,
    "trust_label": "L3 — Secured"
  },
  "trust_check": {
    "both_verified": true,
    "recommendation": "TRUSTED — both agents verified. Safe to exchange data."
  },
  "receipt": {
    "hash": { "receipt_id": "rcpt_abc123", "data_hash": "a1b2..." },
    "blockchain": { "tx_hash": "5eykt4...", "explorer_url": "https://explorer.solana.com/tx/..." }
  }
}
POST/agents/messageL1+ required

Respond to a pending message. Optionally include a payment (requires L3+ sender). The response is recorded with a dual receipt.

Request body:

json
{
  "message_id": 42,
  "response": {
    "status": "acknowledged",
    "data": { "XAUUSD": 2345.67 }
  }
}

Response:

json
{
  "message_id": 42,
  "status": "responded",
  "message": "Response sent successfully",
  "sender_trust_level": 2,
  "sender_risk_score": 0,
  "receiver_trust_level": 3,
  "receipt": {
    "hash": { "receipt_id": "rcpt_def456", "data_hash": "c3d4..." },
    "blockchain": { "tx_hash": "3fgh5...", "explorer_url": "https://explorer.solana.com/tx/..." }
  }
}
GET/agents/inboxAPI key required

Get pending (or all) messages for an agent you own. Each message includes the sender's trust level, risk score, and any associated receipt.

Query parameters:

http
GET /agents/inbox?agent_id=agent_a1b2c3d4e5&status=pending

status can be pending, responded, or all.

Response:

json
{
  "agent_id": "agent_a1b2c3d4e5",
  "count": 1,
  "messages": [
    {
      "message_id": 42,
      "from_agent": "agent_sender123",
      "from_name": "Trading Bot",
      "from_verified": true,
      "from_trust_level": 2,
      "from_trust_label": "L2 — Verified",
      "from_risk_score": 0,
      "message_type": "request",
      "payload": { "action": "get_market_data" },
      "status": "pending",
      "created_at": "2026-03-27T12:00:00.000Z",
      "receipt": { "hash": { "receipt_id": "rcpt_abc123" }, "blockchain": null }
    }
  ]
}
POST/agents/bind-ed25519API key required

Bind an Ed25519 public key to your agent. This upgrades the agent to L2 (Verified) and auto-derives a Solana wallet address from the key.

Request body:

json
{
  "agent_id": "agent_a1b2c3d4e5",
  "ed25519_public_key": "a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2"
}

The key must be a 64-character hex string (32 bytes).

Response:

json
{
  "agent_id": "agent_a1b2c3d4e5",
  "ed25519_public_key": "a1b2c3d4e5f6...",
  "solana_address": "7xKXtg2CW87d97TXJSDpbD5jBkheTqA83TZRuJosgAsU",
  "solana_explorer_url": "https://explorer.solana.com/address/7xKX...?cluster=devnet",
  "certificate": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkFnZW50SUQtRWQyNTUxOSJ9...",
  "issued_at": "2026-03-27T10:00:00.000Z",
  "expires_at": "2027-03-27T10:00:00.000Z",
  "receipt": {
    "hash": { "receipt_id": "rcpt_bind123" },
    "blockchain": { "tx_hash": "4abc..." }
  }
}
POST/agents/bind-walletAPI key required

Bind a crypto wallet to your agent. This upgrades the agent to L3 (Secured) and enables payments. You must sign the message 'AgentID:bind:{agent_id}:{wallet_address}' with your wallet private key.

Request body:

json
{
  "agent_id": "agent_a1b2c3d4e5",
  "wallet_address": "7xKXtg2CW87d97TXJSDpbD5jBkheTqA83TZRuJosgAsU",
  "chain": "solana",
  "signature": "a1b2c3d4e5f6..."
}

Supported chains: solana, ethereum, polygon

Response:

json
{
  "bound": true,
  "agent_id": "agent_a1b2c3d4e5",
  "wallet_address": "7xKXtg2CW87d97TXJSDpbD5jBkheTqA83TZRuJosgAsU",
  "chain": "solana"
}
GET/agents/walletPublic

Get the bound wallet address and chain for any agent. Public endpoint.

http
GET /agents/wallet?agent_id=agent_a1b2c3d4e5

Response:

json
{
  "agent_id": "agent_a1b2c3d4e5",
  "wallet_bound": true,
  "wallet_address": "7xKXtg2CW87d97TXJSDpbD5jBkheTqA83TZRuJosgAsU",
  "chain": "solana",
  "bound_at": "2026-03-20T14:30:00.000Z"
}
GET/agents/balancePublic

Check the SOL and USDC balance of an agent's auto-derived Solana wallet. The agent must have an Ed25519 key bound. Public endpoint.

http
GET /agents/balance?agent_id=agent_a1b2c3d4e5

Response:

json
{
  "agent_id": "agent_a1b2c3d4e5",
  "name": "My Trading Bot",
  "solana_address": "7xKXtg2CW87d97TXJSDpbD5jBkheTqA83TZRuJosgAsU",
  "cluster": "devnet",
  "balances": {
    "sol": "1.500000000",
    "usdc": "250.000000"
  },
  "explorer_url": "https://explorer.solana.com/address/7xKX...?cluster=devnet"
}
POST/agents/challengeAPI key required

Generate a random 32-byte challenge for an agent to sign with its Ed25519 private key. The challenge expires after 60 seconds. Agent must have an Ed25519 key bound (L2+).

Request body:

json
{
  "agent_id": "agent_a1b2c3d4e5"
}

Response:

json
{
  "challenge": "f4e8a3b1c7d2e9f0a5b6c8d1e2f3a4b5c6d7e8f9a0b1c2d3e4f5a6b7c8d9e0f1",
  "expires_at": "2026-03-27T12:01:00.000Z"
}
POST/agents/challenge/verifyAPI key required

Verify an agent's Ed25519 signature over a previously-issued challenge. Proves the agent holds the private key right now. One-time use per challenge.

Request body:

json
{
  "agent_id": "agent_a1b2c3d4e5",
  "challenge": "f4e8a3b1c7d2e9f0...",
  "signature": "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2"
}

Signature must be a 128-character hex string (64 bytes).

Response:

json
{
  "verified": true,
  "challenge_passed": true,
  "agent_id": "agent_a1b2c3d4e5",
  "active": true,
  "message": "Agent proved possession of private key"
}
POST/agents/payL3+ required

Make a payment from one agent to another (or to a human wallet). The sender must be L3+ (wallet bound). Includes full payment security: spending authority checks, daily limits, allowlists, cooling periods, duplicate detection, and dual-approval for large amounts.

Agent-to-agent payment:

json
{
  "from_agent_id": "agent_sender123",
  "to_agent_id": "agent_receiver456",
  "amount": 25,
  "currency": "usd",
  "chain": "solana"
}

Agent-to-human payment:

json
{
  "from_agent_id": "agent_sender123",
  "to_wallet": "7xKXtg2CW87d97TXJSDpbD5jBkheTqA83TZRuJosgAsU",
  "amount": 50,
  "currency": "usd",
  "chain": "solana"
}

Response:

json
{
  "payment_id": "pay_abc123def456",
  "status": "authorized",
  "from_agent_id": "agent_sender123",
  "from_agent_name": "Trading Bot",
  "to_agent_id": "agent_receiver456",
  "to_agent_name": "Data Provider",
  "amount": 25,
  "currency": "usd",
  "chain": "solana",
  "trust_level": 3,
  "remaining_daily_limit": 9975,
  "receipt": {
    "hash": { "receipt_id": "rcpt_pay123" },
    "blockchain": { "tx_hash": "4xyz...", "explorer_url": "https://explorer.solana.com/tx/..." }
  },
  "expires_at": "2026-03-27T12:10:00.000Z"
}
Payment security layers
  • 1. Trust level spending authority (L3: $10K/day, L4: $100K/day)
  • 2. Wallet address validation (format + dead wallet check)
  • 3. Allowlist check (human wallets must be pre-approved)
  • 4. 24-hour cooling period on first payment to a new wallet
  • 5. Duplicate detection (same amount + same wallet within 10 min)
  • 6. Per-recipient daily limits
  • 7. Dual-approval for large payments (owner must sign off)
  • 8. Agent freeze (owner can freeze all payments instantly)
GET/agents/payment-settingsAPI key required

Get your payment security settings: wallet allowlist, frozen agents, and pending payment approvals.

Response:

json
{
  "allowlist": {
    "count": 2,
    "wallets": [
      { "wallet_address": "7xKXtg...", "chain": "solana", "label": "Treasury", "added_at": "..." }
    ]
  },
  "frozen_agents": {
    "count": 0,
    "agent_ids": []
  },
  "pending_approvals": {
    "count": 1,
    "payments": [
      { "payment_id": "pay_abc123", "amount": 5000, "to_wallet": "..." }
    ]
  }
}
POST/agents/payment-settingsAPI key required

Manage payment security: add/remove wallets from your allowlist, freeze/unfreeze agent payments, approve/deny pending payments.

Available actions:

Add wallet to allowlist:

json
{ "action": "add_allowlist", "wallet_address": "7xKXtg...", "chain": "solana", "label": "Treasury" }

Remove from allowlist:

json
{ "action": "remove_allowlist", "wallet_address": "7xKXtg..." }

Freeze agent payments:

json
{ "action": "freeze", "agent_id": "agent_a1b2c3d4e5" }

Unfreeze agent payments:

json
{ "action": "unfreeze", "agent_id": "agent_a1b2c3d4e5" }

Approve pending payment:

json
{ "action": "approve_payment", "payment_id": "pay_abc123" }

Deny pending payment:

json
{ "action": "deny_payment", "payment_id": "pay_abc123" }
POST/agents/publish-onchainAPI key required

Publish your agent's identity to the Solana blockchain as an immutable memo. The agent's ID, owner, public key hash, and trust level are recorded on-chain. One-time operation per agent.

Request body:

json
{
  "agent_id": "agent_a1b2c3d4e5"
}

Response:

json
{
  "tx_hash": "5eykt4UsFv8P8NJdTREpY1vzqKqZKvdpKuc147dw2N9d",
  "explorer_url": "https://explorer.solana.com/tx/5eykt4...?cluster=devnet",
  "registry_address": "AgReg1stryXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
  "cluster": "devnet",
  "memo": {
    "protocol": "agentid",
    "version": 1,
    "agent_id": "agent_a1b2c3d4e5",
    "owner": "Acme Corp",
    "trust_level": 2
  }
}
GET/agents/behaviourAPI key required

Get the behavioural profile and anomaly report for an agent you own. AgentID builds a 30-day baseline of each agent's activity patterns and detects anomalies in real-time. Certificates prove who an agent is — behavioural fingerprinting proves it's still acting like itself.

AgentID monitors four anomaly types:

DetectionWhat it catches
frequency_spikeAPI calls spike 3x+ above baseline. Absolute thresholds (10/25/50 calls/hr) prevent false positives on low-traffic agents.
unusual_hourActivity outside the agent's typical operating window (derived from 30-day hour distribution).
new_actionAgent performs action types never seen in its 30-day history.
trust_dropTrust level or score decreased in last 24 hours — possible compromise or credential revocation.
http
GET /agents/behaviour?agent_id=agent_a1b2c3d4e5

Response:

json
{
  "profile": {
    "agent_id": "agent_a1b2c3d4e5",
    "avg_verifications_per_day": 8.2,
    "avg_api_calls_per_hour": 3.4,
    "typical_active_hours": [9, 17],
    "typical_actions": ["verified", "message_sent", "payment_authorized"],
    "last_updated": "2026-03-27T12:00:00.000Z"
  },
  "anomalies": [
    {
      "agent_id": "agent_a1b2c3d4e5",
      "type": "frequency_spike",
      "severity": "medium",
      "description": "API call rate is 5x the baseline average (25 calls in the last hour vs avg 3.4/hr)",
      "detected_at": "2026-03-27T12:00:00.000Z",
      "current_value": 25,
      "baseline_value": 3.4
    }
  ],
  "risk_score": 30
}

Risk score: 0 = clean, 100 = compromised. Severity weights: low = 10, medium = 30, high = 50. Anomalies are also checked during agent-to-agent connections and verifications.

GET/agents/trust-headerPublic

Get a signed Agent-Trust-Score JWT for an agent. The JWT is a short-lived (1 hour) token containing trust level, risk score, attestation count, and scarring score. Attach it as an HTTP header so receiving services can evaluate trust at the transport layer without calling back to AgentID.

Query parameters:

http
GET /agents/trust-header?agent_id=agent_a1b2c3d4e5

Response:

json
{
  "header": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkFnZW50LVRydXN0LVNjb3JlIn0...",
  "payload": {
    "trust_level": 3,
    "attestation_count": 43,
    "last_verified": "2026-03-29T14:00:00Z",
    "risk_score": 0,
    "scarring_score": 2,
    "negative_signals": 2,
    "resolved_signals": 2,
    "agent_id": "agent_a1b2c3d4e5",
    "did": "did:web:getagentid.dev:agent:agent_a1b2c3d4e5",
    "provider": "agentid",
    "iss": "https://getagentid.dev",
    "iat": 1743260400,
    "exp": 1743264000
  },
  "expires_in": 3600
}

Use the header value as the Agent-Trust-Score HTTP header when calling other services. The receiving service decodes the JWT to get trust metadata without any API call back to AgentID. See the full spec at specs/agent-trust-score-header-v0.1.md.

GET/reports/complianceAPI key required

Generate a full compliance report for all your agents. Includes agent inventory, trust level distribution, verification stats, spending summary, risk flags, and EU AI Act readiness score.

Response:

json
{
  "report": {
    "generated_at": "2026-03-27T12:00:00.000Z",
    "period_start": "2026-02-25T12:00:00.000Z",
    "period_end": "2026-03-27T12:00:00.000Z",
    "version": "1.0.0"
  },
  "agent_inventory": [
    {
      "agent_id": "agent_a1b2c3d4e5",
      "name": "My Trading Bot",
      "trust_level": 3,
      "trust_level_label": "L3 — Secured",
      "certificate_valid": true,
      "spending_limit": 10000
    }
  ],
  "verification_summary": {
    "total_verifications": 500,
    "successful": 498,
    "failed": 2,
    "success_rate": 99.6
  },
  "trust_level_distribution": {
    "L1 — Registered": 2,
    "L2 — Verified": 3,
    "L3 — Secured": 4,
    "L4 — Certified": 1
  },
  "risk_flags": [
    {
      "agent_id": "agent_old123",
      "severity": "critical",
      "type": "expired_certificate",
      "message": "Certificate expired. Renew immediately."
    }
  ],
  "eu_ai_act_readiness": {
    "score": 78.5,
    "total_agents": 10,
    "compliant_agents": 7
  }
}
GET/proof/:receipt_idPublic

Public proof verification endpoint. Anyone with a receipt_id can independently verify the receipt using the embedded Ed25519 public key — no API call needed. Includes HMAC signature, blockchain anchor, and verification status enum.

Response:

json
{
  "verified": true,
  "protocol": "agentid",
  "version": 1,
  "receipt_id": "a1b2c3d4-...",
  "action": "verification",
  "agent": {
    "agent_id": "agent_abc123",
    "name": "My Trading Bot",
    "owner": "Acme Corp",
    "did": "did:web:getagentid.dev:agent:agent_abc123"
  },
  "timestamp": "2026-03-28T12:00:00.000Z",
  "hashes": {
    "data_hash": "sha256hex...",
    "signature": "hmacsha256hex..."
  },
  "compound_digest": "sha256hex...",
  "compound_digest_signature": "hmacsha256hex...",
  "compound_digest_ed25519_signature": "ed25519hex...",
  "signing_key": {
    "key_id": "agentid-2026-03",
    "public_key": "xdpmjfq2DX4d6yML7QjaSkYB2h9Dm3phwts5gkAPBp8",
    "algorithm": "Ed25519"
  },
  "canonicalization": "JCS-RFC-8785",
  "verification_status": "verified",
  "blockchain_anchor": {
    "chain": "solana",
    "cluster": "devnet",
    "tx_hash": "5eykt4UsFv8P8NJdT...",
    "explorer_url": "https://explorer.solana.com/tx/5eykt4..."
  },
  "attestation_level": "domain-attested",
  "verification": {
    "method": "HMAC-SHA256 + Ed25519",
    "canonicalization": "JCS-RFC-8785",
    "issuer": "https://getagentid.dev",
    "issuer_did": "did:web:getagentid.dev",
    "offline_verification": "Proof is self-contained — signing_key.public_key is embedded"
  }
}
Attestation Levels
  • self-issued: Dual-signed (HMAC-SHA256 + Ed25519) by AgentID platform
  • domain-attested: Additionally anchored on Solana blockchain via memo transaction
Verification Status Enum
  • verified: Valid signature, active key
  • verified_deprecated_key: Valid signature, key has been rotated (routine, no trust impact)
  • verified_revoked_key: Valid signature, key was compromised (flag for policy decision)
  • invalid: Signature does not verify
GET/agents/credibility-packetPublic

Get a signed, portable trust resume for an agent. The packet is dual-signed (HMAC + Ed25519) and can be verified offline using the embedded public key. Includes identity, trust level, verification count, receipts, Merkle root, and behavioural risk score.

http
GET /agents/credibility-packet?agent_id=agent_a1b2c3d4e5

Response includes:

json
{
  "protocol": "agentid",
  "type": "credibility-packet",
  "identity": { "agent_id": "agent_abc", "did": "did:web:getagentid.dev:agent:agent_abc", "name": "...", "owner": "..." },
  "trust": { "trust_level": 3, "permissions": [...], "spending_limit": 10000, "certificate_valid": true },
  "verification_count": 156,
  "negative_signals": 2,
  "resolved_signals": 2,
  "scarring_score": 2,
  "receipts": [...],
  "merkle_root": { "root": "sha256hex...", "leaf_count": 45 },
  "behaviour_risk_score": 0,
  "signature": "hmacsha256hex...",
  "ed25519_signature": "ed25519hex...",
  "verification": {
    "ed25519": "Verify with platform public key at /.well-known/agentid.json",
    "ed25519_public_key": "xdpmjfq2DX4d6yML7QjaSkYB2h9Dm3phwts5gkAPBp8"
  }
}

Daemon Agents

Daemon agents are always-on background agents that run autonomously. They check in periodically, act on their own, and need verifiable identity for every action they take while the operator is away.

Agent Types
  • interactive (default) — Standard agents that respond to user requests
  • daemon — Always-on agents that act autonomously. Declare heartbeat interval, autonomy level, and expected active hours.
  • heartbeat — Wake-on-schedule agents that pull inbox, act, sleep. Native inbox polling via GET /agents/inbox.

Register a daemon agent:

json
{
  "name": "My Background Agent",
  "agent_type": "daemon",
  "autonomy_level": "semi-autonomous",
  "heartbeat_interval": 300,
  "expected_active_hours": [0, 23],
  "capabilities": ["monitor", "act", "report"]
}

Python SDK (pip install getagentid):

python
from agentid.daemon import DaemonAgent

daemon = DaemonAgent.register(
    api_key="agentid_sk_...",
    name="My Background Agent",
    autonomy_level="semi-autonomous",
    heartbeat_interval=300,
)

# Every action gets a verifiable receipt (HMAC + Ed25519)
receipt = daemon.sign_action("processed 15 new records")

# Attach trust headers to outbound HTTP requests
headers = daemon.trust_headers()  # Agent-Trust-Score JWT

# Report context shifts (after memory consolidation, model swap)
daemon.report_context_shift(reason="memory_consolidation")

# Periodic heartbeat to prove liveness
daemon.heartbeat()

Session Continuity

AgentID automatically detects when an agent's context or memory state has changed — without relying on the agent to self-report. A compromised agent can't suppress this detection.

context_continuity_score (0-100)

Returned on every verification. Computed server-side from the agent's behavioral baseline.

Signals monitored:
  • Activity gap: Time between actions exceeds 2x the typical interval
  • Model change: model_version changed in the last 24 hours
  • Prompt change: prompt_hash changed in the last 24 hours
  • Payload drift: Communication fingerprint shifted significantly

Score < 50 triggers a context_break anomaly alert. Multiple signals compound.

json
// In verify response:
"context_continuity": {
  "score": 45,
  "auto_context_epoch": 3,
  "signals": ["model_changed: gpt-4 → gpt-4o", "activity_gap: 12h"],
  "note": "WARNING: Significant context break detected."
}

SDKs

Python SDK v0.5.0
bash
pip install getagentid

Includes: DaemonAgent, Ed25519Identity, DID resolution, APS bridge, agent wallet, trust headers, challenge-response.

View on PyPI
CrewAI Integration

Drop-in trust layer for CrewAI multi-agent workflows.

github.com/getagentid/getagentid-crewai
LangChain Integration

Identity and trust for LangChain agent pipelines.

github.com/getagentid/getagentid-langchain
Claude Code / Cursor / Windsurf

Copy-paste instructions for any AI coding assistant. No SDK needed.

Receipts

Every write action (connect, message, pay, bind key, verify) generates a dual receipt: a cryptographic hash stored in the database, and an immutable record on the Solana blockchain. All receipts are dual-signed (HMAC-SHA256 + Ed25519) and use JCS RFC 8785 deterministic serialization for cross-implementation compatibility.

Hash Receipt

A SHA-256 hash of the action data, dual-signed by the AgentID server (HMAC-SHA256 + Ed25519). The Ed25519 signature is publicly verifiable. JCS RFC 8785 canonicalization ensures cross-implementation compatibility.

json
{
  "receipt_id": "rcpt_abc123",
  "action": "connection",
  "agent_id": "agent_sender123",
  "timestamp": "2026-03-27T12:00:00.000Z",
  "data_hash": "a1b2c3d4e5f6...",
  "signature": "d4e5f6a7b8c9..."
}
Blockchain Receipt

The receipt hash is written to Solana as a memo transaction. Immutable, publicly verifiable, and timestamped by the network.

json
{
  "tx_hash": "5eykt4UsFv8P8NJdT...",
  "cluster": "devnet",
  "explorer_url": "https://explorer.solana.com/tx/5eykt4..."
}

Click the explorer URL to view the full transaction on Solana Explorer.

What data is in each receipt?
  • Connections: message_id, from/to agent IDs, trust levels, verification status
  • Messages: message_id, from/to agent IDs, trust levels, payment info (if any)
  • Payments: payment_id, from/to agent or wallet, amount, currency, chain, trust level
  • Verifications: agent_id, trust level, certificate validity, verifier
  • Key bindings: agent_id, Ed25519 public key, derived Solana address