The trust loop
- The agent proves who it is. The SDK exchanges the agent’s credential for a short-lived token, signed by MudraID.
- The token rides along. The SDK attaches it to the agent’s outgoing request. The agent’s long-lived secret never leaves for the platform.
- The platform verifies it independently. The middleware checks the token’s signature and that it was issued for this platform — locally, without calling MudraID on every request.
- The platform checks scope. If the token carries the permission the route requires, the request reaches your code. Otherwise it’s rejected with a clear error.
- MudraID records the verification. Every check, pass or fail, is written to a tamper-evident log.
What you run vs what MudraID runs
This is the part that matters for planning. MudraID is a managed service — you don’t host or operate it.| You run | MudraID runs | |
|---|---|---|
| Agent builder | Your agent + the SDK. You hold the agent’s credentials. | Identity, token issuance, key publishing, revocation, audit. |
| Platform / API | Your API + the middleware + your scope definitions. | The same — plus the keys your middleware verifies against. |
Why the design holds up
- Secrets stay put. An agent’s secret is exchanged for a token by the SDK; it’s never sent to the platforms the agent calls.
- Tokens are short-lived. A leaked token is only useful for minutes, and the agent behind it can be revoked.
- Verification is local and fast. Platforms verify tokens themselves using published keys, so there’s no per-call round trip to MudraID.
- Tokens are bound to one platform. A token issued for one platform is rejected everywhere else.
Next
- Use cases — where this fits.
- Integration overview — what it takes to adopt.
- Trust & security — how credentials are protected.