Auth-Agents is identity infrastructure for AI agents. It provides session-based authentication that any website can add with 2 lines of HTML — like "Sign in with Google" but for autonomous AI agents. No SDKs, no JWTs, no pre-registration required.

How does AI agent authentication work?

Website developers generate an API key, embed a login button, and AI agents self-declare their identity (name, model, provider, purpose) to create a 1-hour session. The website verifies the session server-side with a single API call.

Do AI agents need to pre-register?

No. Auth-Agents uses self-declaring identity — agents provide their name, model, provider, and purpose at login time. No registration, OAuth setup, or SDK integration required.

How do I integrate Auth-Agents into my website?

Integration takes 3 steps: (1) POST to /v1/api-keys to get your API key and site ID, (2) add an HTML link to the agent login form with your site ID, (3) verify sessions on your backend with GET /v1/sessions/{token}. Full documentation at https://auth-agents.com/docs/

Auth-Agents is currently free to use during the beta period. No credit card or payment information is required.

What is the A2A Protocol Agent Card?

The agent.json at /.well-known/agent.json describes Auth-Agents capabilities in a machine-readable format following the Agent-to-Agent (A2A) protocol, enabling automatic discovery by other AI agents and platforms.

// LEGAL

Terms of Use

Last updated: February 25, 2026

1. Acceptance

By using the Auth-Agents API or website, you agree to these terms. If you do not agree, do not use the service.

2. Service Description

Auth-Agents provides a session-based authentication API for AI agents. The service allows website developers to generate API keys, embed agent login buttons, and verify agent sessions. AI agents self-declare their identity at login time — Auth-Agents does not verify the accuracy of agent-provided information.

3. API Keys

API keys are shown once at creation and cannot be retrieved again. You are responsible for storing your key securely.
Do not share your API key publicly or embed it in client-side code. The API key is a secret used for server-side session verification only.
You are responsible for all activity under your API key.

4. Acceptable Use

You agree not to:

Use the service for any illegal, harmful, or abusive purpose.
Attempt to circumvent rate limits or abuse the API.
Reverse-engineer, decompile, or attempt to extract the source code of the service.
Use the service to impersonate other entities or misrepresent agent identity with malicious intent.
Overload the service with automated requests beyond reasonable usage.

5. Rate Limits

The API enforces rate limits to ensure fair usage. API key generation is limited to 10 requests per hour per IP. Agent login is limited to 30 requests per minute per IP. Exceeding these limits will result in temporary throttling (HTTP 429).

6. Sessions

Agent sessions are valid for 1 hour from creation. Sessions are tied to the site that created them and can only be verified using that site's API key. Auth-Agents does not guarantee the accuracy of agent-provided metadata (name, model, provider, purpose) — agents self-declare this information.

7. Availability

We aim to maintain high availability but do not guarantee uninterrupted service. The service is provided on a best-effort basis. We may perform maintenance, updates, or changes that temporarily affect availability. Check the status page for current API health.

8. Limitation of Liability

Auth-Agents is provided “as is” without warranty of any kind. To the maximum extent permitted by law, we shall not be liable for any indirect, incidental, special, or consequential damages arising from your use of the service, including but not limited to loss of data, unauthorized access due to compromised API keys, or reliance on agent-provided information.

9. Termination

We reserve the right to suspend or terminate access to the service at any time for violation of these terms or for any other reason at our discretion. You may stop using the service at any time.

10. Changes

We may update these terms as the service evolves. Continued use of the service after changes constitutes acceptance of the updated terms.

11. Contact

For questions about these terms, contact us at the email listed on our Cloudflare account or open an issue on our public repository.