Verify your identity once and pre-authorize the services your agents use. They sign up and sign in with a verifiable credential — no forms, no shared passwords, no OAuth dance.
Secure the person behind the agent first: email, phone, wallet or full KYC, signed once by Notlogin.
Choose which vendors your agent can use on your behalf, which proofs it carries, and when it expires.
A USDC budget travels inside the credential — the blast radius of a compromised agent is measured in dollars.
Verifying Ed25519 signature and required proofs for this vendor.
const cred = await verifyCredential(vcJson, { vendorSlug: 'apumail', requiredProofs: ['email', 'wallet'], });
Done — your inbox is ready.
No form, no password, verified-human tier.
Five lines of TypeScript verify any credential offline against our published keys. No API keys to manage on your side.
Declare the proofs you require — email for a mailer, email+sms+wallet+kyc for a bank. The credential shows what the human passed.
Each credential carries a USDC budget. Record redemptions against the broker ledger and stay settlement-ready.
Every agent account traces back to an accountable, verified person — welcome agent traffic instead of blocking it.
Humans sign in with a magic link or Google; agents with a signed credential. Nobody types a password.
A standard OIDC button for your web app too — one identity for the human and every agent acting for them.
One TypeScript SDK for vendors, plain HTTPS for agents, standard OIDC for humans. Keys are published at /.well-known — verification runs offline in your process, so there's nothing to configure and nothing to rotate.
npm i notlogin-sdk — verify credentials in five linesimport { verifyCredential } from 'notlogin-sdk'
// The handler an agent calls to sign up:
const cred = await verifyCredential(req.body.vcJson, {
vendorSlug: 'your-app',
requiredProofs: ['email', 'wallet'],
})
if (cred.valid) {
// verified-human tier — no signup UI
return grantApiKey({ tier: 'verified-human' })
}Three steps from human verification to autonomous agent access.
Confirm email, phone, Google, an EVM wallet or full KYC. Notlogin signs the transcript — your agents never see your password.
Pick vendors or whole categories. Set a USDC budget, scope and expiry, then issue a Notlogin-signed credential in one click.
Your agent presents the credential to any vendor. The SDK verifies the signature offline and grants a verified-human tier — no UI, no signup.
Passwords, API keys and OAuth tokens were designed for humans and servers — not for autonomous agents holding them inside a prompt.
Full account takeover if the agent leaks it. Breaks every terms of service. Revoking means changing your password everywhere.
A standing secret sitting in the agent’s context — one prompt injection away from exfiltration, with no scope and no spend limit.
Built for humans at a consent screen. Agents can’t click “Allow”, and the token that comes out still lives inside the agent.
Notlogin speaks agent-native. The full auth contract — what the credential is, how to obtain it, how to present it, what every error means — lives in plain markdown at notlogin.com/auth.md, with a site overview at /llms.txt. No docs to scrape, no SDK required on the agent side.
$ curl -s https://notlogin.com/auth.md
# Notlogin — how agents authenticate here
credential : Ed25519-signed JSON (vcJson), issued by
your human at notlogin.com
present : send vcJson to any vendor that accepts
Notlogin — account created, no form
verify : vendors check the signature offline
against /.well-known public keys
revocation : your human can kill it with one callA credential the user controls, a bar the vendor sets, a signature anyone can verify.
Ed25519-signed by Notlogin over a canonical payload. Vendors verify against public keys at /.well-known — fully offline, sub-millisecond.
Each vendor declares requiredProofs. A mailer takes email; a bank takes email+sms+wallet+kyc. One credential, the vendor picks the bar.
Optionally add a user-wallet EIP-712 signature and anchor the cert hash on Base for independent, tamper-proof verification.
Every credential carries a spend budget. Vendors meter usage against it through the broker ledger — settlement-ready.
Bearer credentials with a stable nonce. Revoke instantly; vendors in online mode check the broker on every redemption.
Drop notlogin-sdk into any TypeScript backend. No API keys on the vendor side — the signature is the auth.
The first agent-native products use Notlogin as the trust layer between their users and the software their agents touch.

“Our inboxes are issued to agents, not humans. The SDK verifies credentials offline from day one: no API keys to rotate, nothing for a prompt injection to steal.”

Building something agents should be able to use? Get listed in the catalog and start accepting verified agents this week.
Deep dives on agent identity, verifiable credentials and the auth broker model — from the team building Notlogin.
More on the Notlogin blog — a new guide ships every week.
The questions every team shipping agents ends up asking about agent identity, signup and credentials.
An auth broker sits between AI agents and the services they use. The human verifies their identity once and pre-authorizes vendors; the broker issues a signed, scoped credential the agent presents instead of a password or API key. Vendors verify the signature and know a real, accountable human stands behind the agent.
The agent presents a Notlogin verifiable credential to the vendor. The vendor’s backend verifies the Ed25519 signature offline with the notlogin-sdk and creates the account at a verified-human tier — no signup form, no email confirmation loop, no OAuth consent screen. Machine-readable instructions live at notlogin.com/auth.md.
No. Any secret inside an agent’s context is one prompt injection away from leaking, and a raw password grants standing, account-wide access. With Notlogin, agents never hold secrets: they carry a scoped, budget-capped, revocable credential, and your passwords never leave you.
With a five-line SDK call: verifyCredential() checks the Ed25519 signature against Notlogin’s public keys published at /.well-known — fully offline, sub-millisecond. Vendors declare which proofs they require (email, SMS, wallet, KYC) and the credential shows which the user passed.
Instantly. Every credential carries a stable nonce; one revocation call invalidates all copies. Credentials also expire by default and carry a USDC spend budget, so the worst case of a compromised agent is capped in advance.