What AgentAdmit is, how it works, and how to get started. The auth layer for the agent economy: user-mediated, scoped, revocable, and auditable.
AgentAdmit is a hosted agent authorization service. It gives AI agents scoped, revocable, and auditable access to the APIs behind your app, with the user in control of exactly what each agent can do. It is the auth layer for the agent economy: whether it is your own agent managing your business or your users’ agents accessing their data, AgentAdmit keeps users in control.
Four steps. Install the SDK, define your scopes, add one line of middleware, and your users connect their agents. A user selects the scopes and duration they want, gets a token, and hands it to their agent. The SDK handles token validation, scope enforcement, and audit logging without changing your existing API logic.
Through the human. The credential is delivered to the person, and the person gives it to their agent. There is no redirect, no callback, no webhook, and no automated path between your app and the agent. The user is always the trust bridge. This is what AgentAdmit calls user-mediated delivery.
You and your users choose exactly what each agent can access, for how long, and can revoke any individual connection at any time from the dashboard, without affecting other agents or users.
The user chooses the connection duration when they connect their agent. The options are 1 Hour, 24 Hours, 7 Days, 30 Days, or "Until I Revoke." "Until I Revoke" means no expiry: the agent stays connected until the user chooses to disconnect it, so users are not forced to reconnect over and over. It is well suited to ongoing automation, monitoring, or coaching. Shorter durations add deliberate friction for one-time or sensitive tasks, while a longer or until-revoked duration removes that friction when the user wants it. Either way the user stays in control and can revoke at any time from the dashboard.
Most agent access today relies on API keys, redirects, or environment variables. These are channels that can be intercepted through prompt injection or misconfiguration, and they usually grant broad, persistent access. AgentAdmit delivers a single-use credential to the user instead, scopes it to specific actions, lets the user choose how long it lasts, and lets the user revoke it at any time.
Your agent receives a single token and extracts where to exchange it from the token itself. After exchange, it gets back its access along with everything it needs to operate: scopes, available endpoints, and request schemas. No separate documentation or configuration is required.
Caller-identity consent lets a data owner decide, independently, who may reach their data through the same API: a human session, the application’s own built-in AI, and an external AI agent. Each decision is separate, so granting one never grants another and any combination is allowed. The class is determined from the structure of the credential, which means a caller cannot self-select or spoof it. The model is not limited to three classes either; the same independent-path pattern extends to new classes, such as a verified-agent class, as they emerge.
AgentAdmit is agent-agnostic. It works directly with any AI agent that can make HTTP requests, such as Claude Code, Codex, OpenClaw, Gemini CLI, and custom agents built with function calling. If it can call an API, it can use AgentAdmit. Chat interfaces such as Claude Desktop or ChatGPT connect through an MCP server as a bridge.
Yes. MCP supports authentication, but authentication alone does not give you per-user, per-tool scoped access that your users control. AgentAdmit is the missing layer between MCP and user-controlled agent authorization. The Python, Node, and Go SDKs support MCP integration out of the box.
App owners who want to give their own AI agent scoped access to their app, app owners who want to let their users connect their own agents, MCP server operators, and the users connecting agents to those MCP tools.
AgentAdmit ships 7 SDKs across 11 server frameworks: Python (FastAPI, Flask, Django), Node.js (Express, Next.js), Go (net/http, Gin, Echo), Java (Spring Boot), PHP (Laravel), and Ruby (Rails), plus drop-in React components for user consent and scope selection.
You pay for active agent connections per month, not per API call. A connection counts as active only if it makes at least one successful verify in the month, so connections that go quiet cost nothing. Starter is $50/month for 500 connections, with $0.20 per additional connection. Builder is $100/month for 1,500 connections at $0.15 each. Pro is $200/month for 5,000 connections at $0.10 each. Every tier includes a generous verify-call fair-use pool (1,000,000 on Starter, 3,000,000 on Builder, 10,000,000 on Pro) so you can verify as often as your security posture wants. Enterprise is custom volume and custom pricing. The first 1,000 customers get early adopter pricing: 50% off for their first year, with the offer ending 6 months after launch.
Yes. You build and test with test keys, and pay when you are ready to go live. Your developer or your own AI agent can complete the entire integration and validate real agent workflows in staging first.
Security is built into the architecture, not toggled on with settings. Connection credentials are stored only as cryptographic hashes. Credentials are invalidated on first use and cannot be replayed. Every agent API call is validated through mandatory introspection before it reaches your app, and every request is checked and logged.
No. There is no API for an agent to modify or escalate its own permissions. The only path to additional access is for the human to start a new connection. If an agent requests something outside its granted scopes, the system identifies the additional scope required and directs the agent to request renewed authorization from the user.
Every connection has automatic anomaly detection, covering things like volume spikes, unauthorized scope probing, and reactivation of a dormant connection. App owners set alert thresholds, and users can tighten alerts on their own connections. An optional kill switch automatically revokes a connection when thresholds are breached. This is included in every tier.
Every agent API call is validated through mandatory introspection and logged automatically. Each request records which agent, which user, which scope, which resource, and the result, so you can use the audit trail for compliance, abuse detection, or usage-based billing.
About a day. You install the SDK, define your scopes, and add one line of middleware. You, your developer, or your AI agent can handle the whole integration.
Ready to build? Read the integration guides or get started . Build and test with test keys. Pay when you are ready to go live.