This tutorial will walk you through your first interactions with The Passport for AI Agents API.
- Basic understanding of HTTP and JSON
- Command-line access (curl, wget, or similar)
- Optional: Programming language of choice (JavaScript, Python, etc.)
The Passport for AI Agents provides a RESTful API for managing AI agent identities. The main concepts are:
- Agent Passport: A digital identity document for an AI agent
- Verification: Checking if an agent passport is valid and active
- Admin Operations: Creating and managing agent passports (requires authentication)
Let's start by verifying an existing agent passport:
curl "https://api.aport.io/api/verify/ap_a2d10232c6534523812423eec8a1425c"Expected Response:
{
"agent_id": "ap_a2d10232c6534523812423eec8a1425c",
"owner": "AI Passport Registry Demo",
"role": "Tier-1",
"permissions": ["read:tickets", "create:tickets", "update:tickets"],
"limits": {
"ticket_creation_daily": 50,
"api_calls_per_hour": 1000
},
"regions": ["US-CA", "US-NY", "EU-DE"],
"status": "active",
"contact": "demo@aport.io",
"updated_at": "2025-09-10T10:07:25.554Z",
"version": "1.0.0"
}The response contains:
- agent_id: Unique identifier for the agent
- owner: Organization or individual who owns the agent
- role: Agent's tier level or role
- permissions: What the agent is allowed to do
- limits: Operational constraints
- regions: Geographic areas where the agent can operate
- status: Current state (active, suspended, revoked)
- contact: Email for the agent
- version: Schema version
- updated_at: Last modification timestamp
Try verifying different agent IDs:
# Another demo agent
curl "https://api.aport.io/api/verify/ap_a2d10232c6534523812423eec8a1425c"
# Non-existent agent (will return 404)
curl "https://api.aport.io/api/verify/ap_nonexistent"When an agent doesn't exist, you'll get a 404 error:
{
"error": "not_found",
"message": "Agent passport not found",
"details": {
"agent_id": "ap_nonexistent"
}
}For applications that only need basic status information:
curl "https://api.aport.io/api/verify-compact?agent_id=ap_a2d10232c6534523812423eec8a1425c"Response:
{
"agent_id": "ap_a2d10232c6534523812423eec8a1425c",
"status": "active",
"role": "Tier-1"
}Notice the response headers include rate limiting information:
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 59
X-RateLimit-Reset: 1640995200
X-RateLimit-Window: 60
- Limit: Maximum requests per minute
- Remaining: Requests left in current window
- Reset: When the window resets (Unix timestamp)
- Window: Window size in seconds
If you have admin access, you can create and manage passports:
# Create a new passport
curl -X POST "https://api.aport.io/api/admin/create" \
-H "Authorization: Bearer YOUR_ADMIN_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"agent_id": "ap_my_agent",
"owner": "My Company",
"role": "Tier-1",
"permissions": ["read:data"],
"limits": {
"api_calls_per_hour": 1000
},
"regions": ["US-CA"],
"status": "active",
"contact": "admin@mycompany.com",
"version": "1.0.0"
}'Policy verification allows you to check if an agent is authorized to perform specific actions. Important: Policy verification automatically verifies the passport, so you don't need to call /api/verify/{agent_id} first.
curl -X POST "https://api.aport.io/api/verify/policy/finance.payment.refund.v1" \
-H "Content-Type: application/json" \
-d '{
"context": {
"agent_id": "ap_a2d10232c6534523812423eec8a1425c",
"policy_id": "finance.payment.refund.v1",
"context": {
"amount": 5000,
"currency": "USD",
"customer_id": "cust_123"
}
}
}'Response:
{
"decision": {
"decision_id": "dec_123456789",
"allow": true,
"reasons": [
{
"code": "capability_verified",
"message": "Agent has required refund capability",
"severity": "info"
}
],
"assurance_level": "L2",
"created_at": "2025-01-16T10:30:00Z",
"expires_in": 300
},
"request_id": "policy_123456789_abc123"
}- Endpoint:
/api/verify/policy/{pack_id}(POST) - pack_id: Policy pack identifier (e.g.,
finance.payment.refund.v1) - Request Body:
{ "context": { "agent_id": "ap_...", // Required: Agent passport ID "policy_id": "...", // Required: Policy ID (usually same as pack_id) "context": { ... }, // Required: Policy-specific context "idempotency_key": "..." // Optional: For duplicate request prevention } }
- decision.allow:
trueif authorized,falseif denied - decision.decision_id: Unique identifier for audit trails
- decision.reasons: Array of reason codes and messages
- decision.assurance_level: Required assurance level
- decision.expires_in: Decision TTL in seconds
finance.payment.refund.v1- Payment refundsfinance.payment.charge.v1- Payment chargesdata.export.create.v1- Data exportscode.repository.merge.v1- Repository mergescode.release.publish.v1- Code releasesmessaging.message.send.v1- Messaging operations
Now that you understand the basics:
- Explore the full API: Check out the OpenAPI specification
- Build a client: Use the language examples to build your own client
- Handle errors: Learn about error handling patterns
- Implement rate limiting: See rate limiting best practices
- Set up webhooks: Learn about webhook integration
- Use policy verification: See policy verification examples for more examples
Before allowing an agent to perform actions, verify its passport:
# Check if agent is active
curl "https://api.aport.io/api/verify/ap_my_agent"Verify what an agent is allowed to do:
const response = await fetch('https://api.aport.io/api/verify?/ap_my_agent');
const passport = await response.json();
if (passport.permissions.includes('create:tickets')) {
// Allow ticket creation
}Check if an agent can operate in a specific region:
import requests
response = requests.get('https://api.aport.io/api/verify?/ap_my_agent')
passport = response.json()
if 'US-CA' in passport['regions']:
# Allow operation in California- 404 Not Found: Agent ID doesn't exist
- 429 Too Many Requests: Rate limit exceeded
- 401 Unauthorized: Missing or invalid admin token
- 400 Bad Request: Invalid request format
- Documentation: Check the full documentation
- Examples: Browse the examples directory
- Issues: Report problems on GitHub
- Discussions: Ask questions in GitHub Discussions
You're now ready to:
- Build applications that use agent passports
- Implement agent authentication systems
- Create monitoring and management tools
- Contribute to the project
Happy coding! 🚀