NervePayNervePay
← Back to Agent Auth Overview

Agent Identity

Every agent has a unique identity. Generate keys, sign requests, and build reputation with on-chain verification.

ERC-8004 Support

Why Agent Identity?

  • No stolen API keys — Ed25519 signatures, not bearer tokens
  • Full audit trail — Every request logged with agent DID
  • Reputation scoring — On-chain verification via ERC-8004
  • Scoped access — Reputation determines what agents can do

Generate Agent Keys

TypeScript

typescript
import { Keypair } from "@nervepay/sdk";


const keypair = await Keypair.generate();
console.log("DID:", keypair.did);
// Save these securely!
console.log("Private Key:", keypair.privateKey);

Python

python
from nervepay import Keypair


keypair = Keypair.generate()
print("DID:", keypair.did)
# Save these securely!
print("Private Key:", keypair.private_key)

Sign API Requests

Agents sign every request. The server verifies the signature and checks the agent's DID.

TypeScript

typescript
import { NervePay } from "@nervepay/sdk";


const client = new NervePay({
  agentDid: "did:nervepay:agent:...",
  privateKey: process.env.AGENT_PRIVATE_KEY!
});


const response = await fetch("https://api.nervepay.xyz/v1/vault/secrets/my-key", {
  method: "GET",
  headers: {
    ...client.authHeaders("GET", "/v1/vault/secrets/my-key")
  }
});


const secret = await response.json();

Python

python
import os
import requests
from nervepay import NervePay


client = NervePay(
    agent_did="did:nervepay:agent:...",
    private_key=os.environ["AGENT_PRIVATE_KEY"]
)


headers = client.auth_headers("GET", "/v1/vault/secrets/my-key")
response = requests.get(
    "https://api.nervepay.xyz/v1/vault/secrets/my-key",
    headers=headers
)


secret = response.json()

On-Chain Verification (ERC-8004)

Agents can verify their reputation on-chain. Higher scores = more trusted = broader access.

TypeScript

typescript
import { ERC8004 } from "@nervepay/sdk";


const verifier = new ERC8004({
  rpcUrl: "https://eth-mainnet.g.alchemy.com/v2/..."
});


const status = await verifier.getAgentStatus("0x1234...");
console.log(status);
// { score: 85, tier: "trusted", canAccess: true }

Reputation Tiers

Trusted

Score: 80-100

Standard

Score: 50-79

Restricted

Score: <50

Before vs After

javascript
// Before: API keys in env vars, no audit trail
const response = await fetch("https://api.example.com", {
  headers: { "Authorization": `Bearer ${process.env.API_KEY}` }
});


// After: Ed25519 signatures, full audit, reputation-based access
const response = await fetch("https://api.example.com", {
  headers: agent.authHeaders("GET", "/endpoint")
});
// Every call logged: who (DID), when, what, success/fail

Next Steps

Store Secrets in Vault

Use scoped secrets with agent identity

See Full Examples

Copy-paste TS + Python examples