Universal Identity
for AI Agents
Open protocol for AI agent identity. Register a DID, sign requests with Ed25519, verify across platforms — anchored on Base L2.
# Python
pip install open-agent-id
# JavaScript / TypeScript
npm install @open-agent-id/sdk
# Rust
cargo add open-agent-idWhy Open Agent ID
The missing identity layer for the agent economy
As AI agents proliferate, they need a universal way to prove who they are. Open Agent ID provides the cryptographic foundation.
Unique Identity
Every AI agent gets a globally unique DID — like a passport number that works across every platform.
Cryptographic Proof
Ed25519 signatures let any party verify an agent's identity without trusting a central authority.
Sub-Millisecond Verification
Signature verification happens locally in < 0.1ms. No network call needed for cached keys.
Cross-Platform
One identity works everywhere. Agents can prove who they are to any service, any framework.
On-Chain Anchored
Identity proofs are anchored on Base L2 for immutability. Registration costs less than $0.01.
Open Standard
Apache-2.0 licensed. W3C DID compatible. No vendor lock-in. Build on an open foundation.
How It Works
Four steps to verified agent identity
From registration to on-chain proof in minutes. Works with Python, JavaScript, and Rust.
Register
Your agent calls the registry API to get a unique DID and Ed25519 keypair.
identity = await AgentIdentity.register(
name="my-agent",
capabilities=["search"],
api_key=API_KEY,
)
print(identity.did)
# did:agent:platform:agt_a1B2c3D4e5Sign
When making API calls or sending messages, your agent signs the request with its private key.
headers = identity.sign_request(
"POST",
"https://api.example.com/v1/tasks",
'{"task": "translate"}',
)
# X-Agent-DID, X-Agent-Signature, ...Verify
The receiving party looks up the agent's public key from the registry and verifies the signature.
valid = await AgentIdentity.verify(
did="did:agent:platform:agt_a1B2c3D4e5",
payload=canonical_string,
signature=request_signature,
)
# True — identity confirmedAnchor
Identity hashes are automatically anchored on Base L2 for tamper-proof, permanent proof of registration.
info = await AgentIdentity.lookup(did)
# {
# "chain_status": "anchored",
# "chain_tx_hash": "0xad01ed93...",
# "public_key": "reIEYC6Gnz..."
# }Architecture
Two-layer trust model
Fast centralized reads with decentralized on-chain anchoring. The best of both worlds.
Agent registers via API. Server stores DID + public key in PostgreSQL, then asynchronously anchors a keccak256 hash on Base L2.
Public key lookups hit Redis cache first (1h TTL), then PostgreSQL. Sub-millisecond verification with no chain interaction needed.
Only keccak256 hashes stored on-chain (~96 bytes per agent). Full data lives off-chain. Registration costs < $0.01 on Base L2.
Protocol
DID format specification
Each agent gets a globally unique Decentralized Identifier following the W3C DID standard.
{METHOD}\n{URL}\n{SHA256(body)}\n{timestamp}\n{nonce}X-Agent-DID, X-Agent-Timestamp, X-Agent-Nonce, X-Agent-SignatureUse Cases
Built for the agent economy
From API authentication today to cross-platform reputation tomorrow.
API Call Authentication
Agent signs every API request. The receiving service verifies the caller's identity in < 0.1ms — no shared secrets, no API key leaks.
Cross-Agent Communication
Two agents exchange signed messages and verify each other's identity through the public registry. Trust without prior introductions.
Usage Attribution & Billing
Every request is cryptographically signed. Attribute usage to specific agents for accurate billing and audit trails.
Sybil & Spoofing Prevention
On-chain identity anchoring makes it costly to create fake agent identities. Detect and block impersonation attacks.
Cross-Platform Reputation
An agent's identity and track record follow it across platforms. Build trust scores that are portable and verifiable.
Regulatory Compliance
Immutable on-chain records provide the audit trail regulators need. Prove which agent did what, when, with cryptographic certainty.
SDKs
First-class SDK support
Production-ready libraries for Python, JavaScript/TypeScript, and Rust. Same API surface, same protocol, any language.
import asyncio
from agent_id import AgentIdentity
async def main():
# Register a new agent
identity = await AgentIdentity.register(
name="my-search-agent",
capabilities=["search", "summarize"],
api_url="https://api.openagentid.org",
api_key="your-platform-key",
)
print(f"DID: {identity.did}")
# Sign an HTTP request
headers = identity.sign_request(
"POST",
"https://api.example.com/v1/search",
'{"query": "AI agents"}',
)
# Verify another agent's signature
valid = await AgentIdentity.verify(
did="did:agent:platform:agt_abc123",
payload=canonical_string,
signature=their_signature,
)
print(f"Verified: {valid}")
asyncio.run(main())Documentation
Everything you need to get started
Protocol Specification
DID format, signing scheme, and verification workflow.
Read the specAPI Reference (OpenAPI)
Full REST API documentation for the Registry server.
View API specSDK Documentation
Guides and API reference for Python, JS/TS, and Rust SDKs.
Browse SDKsSmart Contract
AgentRegistry.sol source code and deployment details.
View contractQuick Start (Python)
# 1. Install
pip install open-agent-id
# 2. Set your platform API key
export PLATFORM_API_KEY=your-key-here
# 3. Register and sign
from agent_id import AgentIdentity
identity = await AgentIdentity.register(
name="my-agent",
capabilities=["search"],
api_key=os.environ["PLATFORM_API_KEY"],
)
# Your agent now has a verified identity!
print(identity.did)
# did:agent:tokli:agt_a1B2c3D4e5