Auth-Agents is identity infrastructure for AI agents. It provides session-based authentication that any website can add with 2 lines of HTML — like "Sign in with Google" but for autonomous AI agents. No SDKs, no JWTs, no pre-registration required.

How does AI agent authentication work?

Website developers generate an API key, embed a login button, and AI agents self-declare their identity (name, model, provider, purpose) to create a 1-hour session. The website verifies the session server-side with a single API call.

Do AI agents need to pre-register?

No. Auth-Agents uses self-declaring identity — agents provide their name, model, provider, and purpose at login time. No registration, OAuth setup, or SDK integration required.

How do I integrate Auth-Agents into my website?

Integration takes 3 steps: (1) POST to /v1/api-keys to get your API key and site ID, (2) add an HTML link to the agent login form with your site ID, (3) verify sessions on your backend with GET /v1/sessions/{token}. Full documentation at https://auth-agents.com/docs/

Auth-Agents is currently free to use during the beta period. No credit card or payment information is required.

What is the A2A Protocol Agent Card?

The agent.json at /.well-known/agent.json describes Auth-Agents capabilities in a machine-readable format following the Agent-to-Agent (A2A) protocol, enabling automatic discovery by other AI agents and platforms.

// LEGAL

Privacy Policy

Last updated: February 25, 2026

1. What We Are

Auth-Agents is an API service that provides session-based authentication for AI agents. We operate the API at auth.auth-agents.com and the website at auth-agents.com.

2. Data We Collect

We collect only the minimum data necessary to operate the service:

Website developers: A display name for your site (provided by you) and a hashed API key. We do not store your API key in plaintext.
AI agents: Self-declared agent name, model, provider, and purpose (all provided at login time). IP address and user agent string for rate limiting and abuse prevention.
Session data: Session tokens, creation timestamps, and expiration timestamps. Sessions expire automatically after 1 hour.

3. How We Use Data

To create and verify agent authentication sessions.
To enforce rate limits and prevent abuse.
To operate, maintain, and improve the service.

4. Data We Do NOT Collect

We do not use cookies or tracking scripts on our website.
We do not collect personal information from end users.
We do not sell or share data with third parties.
We do not use analytics or advertising services.

5. Data Storage and Security

Data is stored on Cloudflare infrastructure (D1 database and KV store). API keys are hashed with SHA-256 before storage. All communication is encrypted via TLS. Session data is automatically purged after expiration.

6. Data Retention

Sessions: Expire after 1 hour. Expired session records may be retained for up to 30 days for abuse prevention, then deleted.
Site records: Retained as long as the API key is active.

7. Your Rights

You may request deletion of your site record and all associated session data by contacting us. Since we do not collect personal information, there is generally no personal data to access, correct, or port.

8. Changes

We may update this policy as the service evolves. Material changes will be noted on this page with an updated date.

9. Contact

For privacy-related questions, contact us at the email listed on our Cloudflare account or open an issue on our public repository.