# MudraID > A trust layer for AI agents. Verifiable identity, scoped access, and instant revocation for agent-to-API calls. ## Docs - [Exchange agent credentials + platform_id for a short-lived JWT](https://docs.mudraid.ai/api-reference/agent-sdk/exchange-agent-credentials-+-platform_id-for-a-short-lived-jwt.md): The Agent SDK calls this on first request to a platform and again on 401 from that platform (token expiry / revocation). Returns a 15-minute RS256 JWT whose `aud` claim binds it to `platform_id` so the platform middleware can reject mis-aimed tokens locally. - [List the calling agent's platforms (SDK bootstrap)](https://docs.mudraid.ai/api-reference/agent-sdk/list-the-calling-agents-platforms-sdk-bootstrap.md): Called once at SDK startup so the Agent can build its URL→platform_id routing map. POST (not GET) because credentials live in the body — the JWT path isn't usable yet at this point in the bootstrap. - [API reference](https://docs.mudraid.ai/api-reference/introduction.md): The stable public contracts between MudraID, the SDK, and the middleware. - [Download the platform's scope file](https://docs.mudraid.ai/api-reference/platform-middleware/download-the-platforms-scope-file.md): Platform operator downloads this once after registering scopes and drops it into their project root. The FastAPI middleware reads it at startup to build the route → required-scope map. - [JSON Web Key Set for JWT verification](https://docs.mudraid.ai/api-reference/platform-middleware/json-web-key-set-for-jwt-verification.md): The platform middleware fetches this to verify JWT signatures locally without per-request MudraID calls. Returns every key currently considered valid for verification — that is, the active signing key plus any `previous` (rotated-but-not-retired) keys. - [Versioning and deprecation](https://docs.mudraid.ai/api-reference/versioning.md): What stable means, and how things get removed. - [Debug with structured logs](https://docs.mudraid.ai/guides/agent-developer/debugging.md): Turn on the SDK's logs to see exactly what the trust loop is doing. - [Handle errors](https://docs.mudraid.ai/guides/agent-developer/error-handling.md): How the SDK signals problems, and how to handle each one. - [Register and manage an agent](https://docs.mudraid.ai/guides/agent-developer/register-agent.md): Create an agent, grant it least-privilege access, and manage it over time. - [Rotate a compromised secret](https://docs.mudraid.ai/guides/agent-developer/rotate-secret.md): Replace a leaked or aging agent secret without breaking traffic. - [Agent identity](https://docs.mudraid.ai/guides/concepts/agent-identity.md): How an agent proves who it is: its credentials, how the secret is stored, and how to rotate it. - [Authentication and tokens](https://docs.mudraid.ai/guides/concepts/auth-tokens.md): How an agent's secret becomes a short-lived token, and how platforms verify it. - [Platforms and scopes](https://docs.mudraid.ai/guides/concepts/platforms-scopes.md): How a platform decides what each agent is allowed to do, per route. - [The trust model](https://docs.mudraid.ai/guides/concepts/trust-model.md): The mental model behind MudraID: who's calling, what they can do, and whether to trust them. - [Quickstart: Agent Developer](https://docs.mudraid.ai/guides/get-started/quickstart-agent.md): Give your agent a verifiable identity and make its calls authenticated. - [Quickstart: Platform Operator](https://docs.mudraid.ai/guides/get-started/quickstart-platform.md): Protect your API so only trusted, in-scope agents reach your code. - [What is MudraID?](https://docs.mudraid.ai/guides/get-started/what-is-mudraid.md): A trust layer for AI agents. - [Define scopes and protect routes](https://docs.mudraid.ai/guides/platform-operator/define-scopes.md): Design the permissions your API exposes, and map each route to one. - [Interpret verification error codes](https://docs.mudraid.ai/guides/platform-operator/error-codes.md): What each error_code means, whose problem it is, and what to do. - [Survive key rotation](https://docs.mudraid.ai/guides/platform-operator/key-rotation.md): Why MudraID rotating its signing keys needs no action from you. - [Manage the scopes lifecycle](https://docs.mudraid.ai/guides/platform-operator/scopes-lifecycle.md): How the scopes file loads, how to change it safely, and how failures recover. - [How it works](https://docs.mudraid.ai/overview/how-it-works.md): The trust loop, and what you run vs what MudraID runs. - [Integration overview](https://docs.mudraid.ai/overview/integration-overview.md): What adopting MudraID actually takes. - [Introduction](https://docs.mudraid.ai/overview/introduction.md): What MudraID is, and who it's for. - [The problem](https://docs.mudraid.ai/overview/the-problem.md): Why agents calling APIs need verifiable identity. - [Use cases](https://docs.mudraid.ai/overview/use-cases.md): Where teams put MudraID to work. - [FAQ](https://docs.mudraid.ai/resources/faq.md): Common questions, for evaluators and developers. - [Glossary](https://docs.mudraid.ai/resources/glossary.md): The terms that show up across these docs. - [Support](https://docs.mudraid.ai/resources/support.md): Where to get help. - [Configuration](https://docs.mudraid.ai/sdks/middleware/configuration.md): Settings for the middleware. - [Error responses](https://docs.mudraid.ai/sdks/middleware/error-responses.md): The stable error_code contract. - [Operator playbook](https://docs.mudraid.ai/sdks/middleware/operator-playbook.md): Running the middleware day to day. - [FastAPI Middleware](https://docs.mudraid.ai/sdks/middleware/overview.md): Verify agents and enforce scopes on every route, before your handlers run. - [Configuration](https://docs.mudraid.ai/sdks/python-sdk/configuration.md): Settings, env vars, and precedence. - [Diagnostics](https://docs.mudraid.ai/sdks/python-sdk/diagnostics.md): SDK logging. - [Errors](https://docs.mudraid.ai/sdks/python-sdk/errors.md): The exception hierarchy. - [Python Agent SDK](https://docs.mudraid.ai/sdks/python-sdk/overview.md): A drop-in replacement for requests that gives your agent a verifiable identity. - [Responsible disclosure](https://docs.mudraid.ai/security/disclosure.md): How to report a security problem. - [Trust & security](https://docs.mudraid.ai/security/overview.md): How MudraID protects your credentials and what it does with your data. ## OpenAPI Specs - [openapi](https://docs.mudraid.ai/openapi.yaml)