Agents are calling APIs.
Nobody knows who they are.
Today, when an AI agent makes an API call on behalf of a user, there's no standard way to verify the agent's identity, bind its intent, or enforce accountability.
No verified identity
APIs rely on API keys that can be stolen or shared. Who — or what — is really calling?
Intent is unsigned
An agent claims "I'm creating a work order" — but there's no cryptographic proof.
Intent not bound
Without binding agent to user to intent, agents can overreach beyond what users delegated.
Cryptographic proof of identity, intent, and delegation
AAP adds a signed assertion to every agent API call. The API verifies the agent's identity, intent, and delegation. Public keys are discovered via app registry or .well-known endpoint.
Mental model: WebAuthn proves a human is present. AAP proves an agent is acting with a specific intent and delegation.
Signed assertions
Every request includes a cryptographically signed payload: actor, subject, intent, audience, timestamp. The API verifies the signature against the agent's registered public key (discovered via registry or .well-known).
Principal-actor model
Agents do not obtain permissions independently. They derive authority from an existing identity context. No user access means no agent access. Delegation is explicit and auditable.
Human-in-the-loop
High-risk actions like refunds require user approval. The approval is cryptographically bound to the exact action — no reuse, no tampering.
Built-in audit trail
Every assertion is a tamper-proof log entry: who acted, on whose behalf, what they intended, and when. Try it in the playground to see the live audit log.
See it in action
Generate a keypair, register an agent, sign a request, and watch the API verify it — all in your browser.