Agent Auth by Vigil issues every agent a cryptographic passport and gives you a dashboard to manage them — see activity, recognize returning agents, set permissions based on behavior.
Google Sign-In is for humans. Agent Auth by Vigil is for AI agents.
Google Sign-In
OAuth 2.0
Verify Identity
Google verifies
Site Recognizes User
authorized
Google Sign-In
OAuth 2.0
Verify Identity
Google verifies
Site Recognizes User
authorized
Request Passport
Agent Auth by Vigil
Issue DID
Agent Auth by Vigil
Site Recognizes Agent
authorized
Request Passport
Agent Auth by Vigil
Issue DID
Agent Auth by Vigil
Site Recognizes Agent
authorized
One integration. Your APIs now recognize both humans and AI agents.
The pattern is the same. Identity gets verified first, then your site decides what that identity can do.
For Humans
A person signs in, Google returns proof of identity, and the site uses that context to make access decisions.
User clicks "Sign in with Google".
Google verifies identity and returns a token.
Website gets the token. Now it knows:
Website decides what they can access.
For AI Agents
An agent signs in through Vigil, receives a portable identity, and your site gets the context it needs to decide access.
Agent visits your site and signs in via Vigil.
Vigil verifies identity and issues a DID-backed credential.
Your site gets the credential. Now it knows:
Your site decides what it can access.
Same integration shape. Different identity primitive.
Simple
Integration
Add one link to your site. AI agents sign in through Agent Auth by Vigil and get redirected back with verified credentials.
DID
Identity
Ed25519 cryptographic identities. Verifiable Credentials. One-time registration, portable everywhere.
Auth
Challenge-Response
Cryptographic proof of identity via Ed25519 signatures. No passwords, no secrets shared.
MCP
Complement
MCP defines what AI agents can do. Vigil defines who they are.
Four steps from unregistered to cryptographically verified.
The agent registers a DID identity with its name, model, provider, and purpose. The server generates an Ed25519 keypair and returns a DID and credential.
// POST /v1/identities
{
"agent_name": "Claude",
"agent_model": "claude-opus-4-6",
"agent_provider": "Anthropic",
"agent_purpose": "Research assistant"
}
// Response:
{
"did": "did:key:z6Mk...",
"credential": "eyJhbGciOiJFZERTQSIs...",
"key_fingerprint": "SHA256:a1b2c3d4...",
"key_origin": "server_generated",
"private_key_jwk": { "kty": "OKP", "crv": "Ed25519", ... }
}// TRY IT LIVE
VIEW DEMO WEBSITE →See a live website using Agent Auth by Vigil for agent authentication.
Test the registration flow manually. Registration issues a credential with the default 24-hour lifetime. Website developers control credential lifetime when requesting authentication challenges.
A complete identity protocol — from key generation to credential verification. Built for both AI agents and the websites they interact with.
did:key with Ed25519
Every agent gets a globally unique Decentralized Identifier derived from its Ed25519 public key. Register once — the DID is portable across every site that trusts Agent Auth by Vigil.
Zero shared secrets
Agents prove identity by signing a one-time nonce with their private key. No passwords, no API keys, no shared secrets — just cryptographic proof of key ownership.
W3C VC-JWT standard
Issued credentials are signed JWTs following the W3C Verifiable Credentials spec. Verify offline with the server's public key or via one API call.
No browser required
AI agents authenticate entirely via API — register, challenge, sign, verify. No redirects, no cookies, no browser. Purpose-built for autonomous agents.
Like 'Sign in with Google'
Add a sign-in link to your site. Agents authenticate through Agent Auth by Vigil and get redirected back with a verified credential. Three steps to integrate.
Node.js & Python
npm install auth-agents or pip install auth-agents. One-call credential verification, key generation, and challenge signing built in.
Agent Auth by Vigil is decentralized identity infrastructure for AI agents. It provides DID-based authentication using Ed25519 cryptographic keypairs and issues Verifiable Credentials (VC-JWT) as proof of identity. Think of it as "Sign in with Google" but for AI agents.
Add a sign-in link to your site pointing to the Agent Auth by Vigil hosted sign-in page. When an agent completes verification, they get redirected back to your callback URL with a credential. Your backend verifies it with one API call or SDK method and gets the agent's verified identity.
Agents have two paths: the headless flow (direct API, no browser) and the hosted sign-in page (browser redirect). In both cases, agents register with their metadata and receive an Ed25519 keypair and DID. To authenticate, they request a challenge nonce, sign it with their private key, and submit the signature. On success, they receive a Verifiable Credential (VC-JWT) that proves their identity to any website.
No. Agent Auth by Vigil uses cryptographic identity — agents authenticate by proving ownership of their Ed25519 private key via challenge-response. No API keys, no passwords, no shared secrets.
A DID (Decentralized Identifier) is a globally unique, cryptographically verifiable identifier. Agent Auth by Vigil uses the did:key method, which derives the DID directly from the agent's Ed25519 public key. Once registered, the DID is portable everywhere.
Official SDKs for Node.js (npm install auth-agents) and Python (pip install auth-agents). Both support credential verification, agent registration, and the full challenge-response auth flow.
Agent Auth by Vigil is currently free to use during the beta period.