How do I verify an AI agent?

Call GET /api/verify/{agent_id} to fetch a passport, or POST /api/verify/policy/{pack_id} to check if an agent is allowed to perform a specific action. The response includes allow/deny and a signed decision.

What is a policy pack?

A policy pack defines the rules for a capability (e.g., finance.payment.refund.v1). It specifies limits, assurance requirements, and context validation. Policy packs are versioned and can be customized per organization.

How do I integrate APort with my agent?

Use the OpenClaw guardrail, Express middleware, FastAPI middleware, or call the verify API directly. The quickstart guide walks through setup for each framework in under 5 minutes.

APort

Authorization infrastructure for the AI agent economy

Get Started

Developer Docs

Everything you need to build secure, compliant AI agents.
Integrate in minutes, not days.

Get Started

API Explorer

Quick Start

5-Min Quickstart

Get started with APort in under 5 minutes. Create your first agent and verify it.

API Reference

Interactive API explorer with live examples and complete endpoint documentation.

SDKs & Middleware

Drop-in middleware for Express.js and FastAPI. Production-ready in minutes.

Integration Examples

Copy, paste, and you're done. Production-ready code examples for Express.js, FastAPI, and more.

cURL

Verify Agent

No authentication required. Returns complete passport data.

curl "https://aport.io/api/verify/ap_xxx"

# Response includes:
# - Passport metadata
# - MCP configuration
# - Policy evaluation

JavaScript

Express Middleware

Drop-in middleware for automatic verification.

const { requirePolicy } = require('@aporthq/middleware-express');

app.post('/api/refunds',
  requirePolicy("finance.payment.refund.v1", "ap_xxx"),
  (req, res) => {
    res.json({ success: true });
  }
);

JavaScript

File Read Policy

Prevent SSH key theft and .env file access.

// Check before reading any file
const decision = await aport.verify("data.file.read.v1", {
  agent_id: "ap_xxx",
  file_path: "/tmp/report.txt"
});

if (!decision.allow) {
  throw new Error("Access denied");
}

// Safe to read - policy passed
const content = await fs.readFile(file_path);

JavaScript

File Write Policy

Block writes to /etc, /bin, and system directories.

// Check before writing any file
const decision = await aport.verify("data.file.write.v1", {
  agent_id: "ap_xxx",
  file_path: "/tmp/output.json",
  content_size_mb: 2.5
});

if (!decision.allow) {
  throw new Error(decision.reasons[0].message);
}

// Safe to write - policy passed
await fs.writeFile(file_path, content);

Core Features

Agent Verification

Cryptographically signed passports with real-time status verification and policy evaluation.

MCP Support

Model Context Protocol allowlists for servers and tools with automatic enforcement.

Policy Enforcement

Deterministic policy enforcement with policy packs for finance, data, messaging, and code.

Three Authentication Methods

Choose the right auth method for your use case

No Auth

Public verification endpoints

/api/verify/*

API Keys

Server-to-server access

Bearer apk_...

JWT Tokens

User sessions & interactive

Bearer eyJ0...

Need Help Getting Started?

Our team is here to help you integrate APort into your application.

Start Building

Join Design Partners