AI agent authentication, explained
Practical guides on auth brokers, verifiable credentials, agent-driven signup and agent identity — from the team building Notlogin.
What is an auth broker for AI agents?
An auth broker sits between AI agents and the services they use, so agents can sign up and sign in without handling passwords or raw API keys. Here is how it works and why the pattern is winning.
How AI agents sign up without a form (auth.md and verifiable credentials)
Signup forms assume a human. Two emerging patterns let AI agents register users legitimately: auth.md contracts and broker-issued verifiable credentials. How they work and how they compose.
AI agent authentication methods compared: API keys, OAuth, and verifiable credentials
API keys, OAuth delegation, vaulted-secret proxies and verifiable credentials — the four ways AI agents authenticate today, and how they compare on blast radius, auditability and friction.
Agent identity vs user identity: who is really calling your API?
Agents are not users, and pretending they are breaks security and audit. Why delegation — a human identity, an agent principal, and a verifiable link between them — is the model that works.