Agents

POST `/api/agents`

Bearer apk_ · write:agents · Idempotent · Live: KYB approved

{
"agentName": "research-assistant",
"description": "Reads + drafts research, pays for OpenAI + arxiv API calls",
"protocols": ["TAP", "MPP", "ACP"],
"publicKeyPem": "-----BEGIN PUBLIC KEY-----\n..."   // optional but recommended
}

If publicKeyPem is provided, the server uses it directly and the private key never touches us. If omitted, the server generates a keypair and returns the private key ONCE in the response.

GET `/api/agents`

Bearer apk_

List agents in the workspace.

PATCH `/api/agents/[id]`

Bearer apk_ · write:agents

{
"state": "frozen"                     // "active" | "frozen" | "terminated"
}

terminated is irreversible.

POST `/api/agents/[id]/intents`

Bearer apk_ · write:agents

{
"intent": {
  "agent_id": "agent_…",
  "merchant": { "name": "OpenAI API", "mcc": "5734" },
  "amount": { "currency": "USD", "cents": 1500 },
  "intent_id": "uuid-…",
  "iat": 1716200000,
  "exp": 1716200300,
  "protocol": "TAP"
},
"signature": "<base64url Ed25519 sig over canonical JSON>",
"key_id": "<base64url sha256 of public-key SPKI>"
}

Errors:

401 signature_invalid — sig doesn't match registered public key
401 intent_expired — exp in the past
401 intent_iat_future — iat too far in the future
422 intent_id_replay — duplicate intent_id

GET `/api/agents/[id]/intents`

Bearer apk_

Audit log — including invalid submissions with rejection_reason.

← All docs Edit on GitHub →

Agents

POST /api/agents

GET /api/agents

PATCH /api/agents/[id]

POST /api/agents/[id]/intents

GET /api/agents/[id]/intents

POST `/api/agents`

GET `/api/agents`

PATCH `/api/agents/[id]`

POST `/api/agents/[id]/intents`

GET `/api/agents/[id]/intents`