Skip to main content
AI agents make API calls. The platforms they call have no good way to know who the agent is, who it acts for, or whether it should be trusted. MudraID fixes that. It gives every agent a cryptographic identity. It lets platforms verify that identity on every request. And it gives operators a way to suspend or revoke an agent fast when something goes wrong.

The trust loop

There are three moving parts.
  1. The agent. It uses the Python SDK. The SDK is a drop-in replacement for requests. It signs every call with a short-lived token.
  2. The platform. It runs the FastAPI middleware. The middleware checks the token and the scope before your route code runs.
  3. The MudraID backend. It issues tokens, publishes signing keys, and keeps an audit trail.
your agent code              your platform's server
agent.get(url) ──► SDK ──► MudraIDMiddleware ──► your handler
                    │             │
                    ▼             ▼
              ┌─────────────────────────┐
              │      MudraID backend     │
              │  identity · tokens · keys │
              └─────────────────────────┘
The agent never writes auth code. The platform never writes auth code. The trust happens in the middle.

What you get

  • Identity. Each agent has an API key id and a one-time secret. The secret is never stored in plaintext.
  • Short-lived tokens. Tokens last 15 minutes. The SDK refreshes them for you.
  • Scopes. A platform decides which agent can do what, per route.
  • Enforcement. Revoke or suspend an agent and it loses access fast.
  • Audit. Every verify, success or failure, is logged and hash-chained.

Pick your path

I'm building an agent

Use the Python SDK. Swap requests for Agent.

I run a platform

Add the FastAPI middleware. Protect your routes.

Show me the model

The concepts behind the trust loop.