You build agents that call external APIs
Your agent acts for a user and calls third-party services — an airline, a bank, a SaaS tool. Those services need to trust your agent before they’ll serve it. With MudraID, your agent carries a verifiable identity. Partner platforms that also use MudraID can accept your agent, scope what it can do, and revoke it if something goes wrong. You add the SDK and your agent’s calls are authenticated — no custom auth code per partner. Example. A travel agent books flights through several airline APIs. Each airline grants the agentflights:search and flights:book, nothing more. If the agent misbehaves, any airline can revoke it on its own.
You run an API that agents call
You expose an API and want to let third-party agents use it — safely. You need to know which agent is calling, limit what each can do, and shut off a bad actor fast. With MudraID, you add the middleware and define a scope per route. Only agents with a valid, in-scope token reach your handlers. You get per-agent attribution and instant revocation, without writing auth into every endpoint. Example. A payments API lets partner agents move money. Read endpoints requirepayments:read; transfers require payments:write. A compromised agent is revoked centrally and loses access in seconds.
You operate a marketplace or multi-tenant platform
You have many agents and many platforms in one ecosystem — a marketplace, a network of internal services, or a multi-tenant product. You need one consistent trust model and one audit trail across all of it. MudraID gives every agent one identity that works across every participating platform, with central revocation and a single tamper-evident record of who did what.Where MudraID is not the fit
- Human end-user login. MudraID is for agent-to-API trust, not for signing in human users.
- A single app calling its own backend with no third parties and no agents — a standard API key is fine there.