Overview
NervePay Agent Passport is the world's first identity system designed specifically for AI agents. Traditional OAuth assumes human interaction (clicking consent screens), but agents need programmatic flows while maintaining cryptographic security.
🛂 Agent-First Design
No passwords, no API keys to steal, no redirect flows. Just cryptographic signatures proving agent identity with every request.
Key Features
Portable Identity
Each agent gets a unique passport ID - portable across platforms and services
Ed25519 Signatures
Sign requests with Ed25519 private key - no secrets stored on server
Replay Protection
One-time nonces prevent replay attacks - each nonce expires after 10 minutes
Timestamp Validation
5-minute window for request freshness - old requests are rejected
Comprehensive Audit
Every authentication attempt logged - full transparency
Capability-Based
Transaction limits and permissions defined in passport document
How It Works
Issue Passport
Developer creates an agent passport via dashboard. System generates passport ID and Ed25519 keypair. Private key shown only once.
Sign Requests
Agent signs each API request with its Ed25519 private key. Signature payload includes method, path, nonce, timestamp, and passport ID.
Verify Signature
NervePay verifies signature using agent's public key (stored in passport document). Checks nonce freshness and timestamp validity.
Enforce Capabilities
System checks agent's transaction limits and permissions. Auto-approves low-risk transactions and triggers human-in-the-loop (HITL) review for high-risk ones.
Audit Trail
Every auth attempt logged to agent_activity_log. Includes status, risk score, and request context.
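The sign and verify steps above, sketched in Go as an added example; this is not NervePay's code. The newline-joined payload encoding, the type and field names, the in-memory nonce store and the sample values are all assumptions, since the page names the signed fields but not their format.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"time"
)

const window, nonceTTL = 5 * time.Minute, 10 * time.Minute // values stated on the page
type Request struct { // the five signed fields the page lists, plus the signature
	Method, Path, Nonce, PassportID string
	Timestamp                       int64 // Unix seconds
	Sig                             []byte
}

// Payload is an ASSUMED canonical encoding; the page does not define one.
func (r Request) Payload() []byte {
	return []byte(fmt.Sprintf("%s\n%s\n%s\n%d\n%s", r.Method, r.Path, r.Nonce, r.Timestamp, r.PassportID))
}

type Verifier struct {
	Keys map[string]ed25519.PublicKey // passport ID -> public key
	Seen map[string]time.Time         // passport ID + nonce -> expiry
}

func (v *Verifier) Verify(r Request, now time.Time) error {
	if d := now.Sub(time.Unix(r.Timestamp, 0)); d > window || d < -window {
		return errors.New("stale timestamp")
	}
	// Verify before touching the nonce store, so unsigned traffic cannot burn nonces.
	pub, ok := v.Keys[r.PassportID]
	if !ok || !ed25519.Verify(pub, r.Payload(), r.Sig) {
		return errors.New("unknown passport or bad signature")
	}
	key := r.PassportID + "|" + r.Nonce
	if exp, dup := v.Seen[key]; dup && now.Before(exp) {
		return errors.New("replayed nonce")
	}
	v.Seen[key] = now.Add(nonceTTL)
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key and values
	v := &Verifier{map[string]ed25519.PublicKey{"demo-passport": pub}, map[string]time.Time{}}
	r := Request{"POST", "/v1/pay", "nonce-1", "demo-passport", time.Now().Unix(), nil}
	r.Sig = ed25519.Sign(priv, r.Payload())
	fmt.Println(v.Verify(r, time.Now()), v.Verify(r, time.Now())) // <nil> replayed nonce
}
```

With the 5-minute window applied in both directions, as assumed here, keeping each nonce for 10 minutes covers the whole acceptance window, so a captured request is rejected either as a replay or as stale.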
Why Not Traditional OAuth?
| Feature | Traditional OAuth | NervePay Agent Auth |
|---|---|---|
| Identity | client_id + secret | Agent Passport |
| Authentication | Redirect flows | Ed25519 signatures |
| Security | Stored secrets | Cryptographic proofs |
| Replay Protection | ❌ None | ✅ One-time nonces |
| Portability | Locked to platform | ✅ Passports work anywhere |
| Agent-Friendly | Designed for humans | ✅ Agent-first design |
Works with x402 Payments
Combine Agent Passport with x402 payments for a complete solution. Agent authenticates with signatures, then makes payments for API calls.
```
# Agent makes authenticated payment request
Agent-Passport: <passport_id>
X-Agent-Signature: <sig>
PAYMENT-SIGNATURE: <payment_sig>
```
Next Steps
Authentication Guide
Learn how to sign requests and authenticate agents
Agent Secrets Vault
Secure encrypted storage for API keys and credentials
OAuth for External Providers
Guide for software providers to implement Agent Passport OAuth
Create Your First Agent Passport
Get started in the dashboard - takes less than 2 minutes