API Basics
AgentTrust Gateway sits in front of an agent-facing API and turns every paid request into a verifiable economic event. These guides explain the bounded vocabulary, how to choose where to start, and where the gateway intentionally draws the line.
How to use these guides
Each guide describes one concern of the gateway in isolation. The Integration Guides Overview page gives the recommended reading order. The recommended path is:
- Read the request lifecycle.
- Choose an identity model in Agent identity.
- Choose a payment mode in Payment lifecycle.
- Decide proof and audit requirements in Receipts & proof and Audit & SIEM.
- Run the no-credential demo before any external verification.
Bounded vocabulary
Every claim on this site, in the docs, and in the CLI uses one bounded enum. A capability is one of:
shipped— implemented, typechecked, testedbounded— shipped within stated bounds (internal baseline, not certified)operator-gated— shipped; requires operator credentials to verify externallynot-claimed— deliberately out of scoperoadmap— planned, not yet built
If a claim cannot be expressed in this vocabulary, it does not ship on this site or in the CLI report.
What AgentTrust is not
Boundaries are first-class. The fastest way to build trust with a security-conscious buyer is to surface the boundary, not hide it.
- Not a wallet. We never hold funds.
- Not custody. Production signing keys live in KMS / HSM.
- Not a marketplace. We sit above marketplaces.
- Not a token. There is no token, ever.
- Not a new blockchain, L2, or rollup.
- We do not claim SOC 2, ISO 27001, HIPAA, or PCI certification.
- We do not claim official Okta, Entra, or Google SAML certification.
- We are not externally operator-verified end-to-end yet.
- We are not enterprise GA. Design-partner alpha only.
Next
Continue with the Integration Guides Overview for the recommended reading order, or jump straight to the request lifecycle.