Get started

Give every agent action an identity you can verify

auth51 mints a scoped, single-use token for every outbound call your agent makes — created at the source, bound to a key that never leaves the process, and verified at the resource. No auth code in your tools. Pick where you're starting from.

Right now, when your agent calls a tool or an API, nothing proves which agent made the call, that its instructions weren't tampered with, or that a leaked token isn't being replayed by something else. That risk is invisible — until it isn't. auth51 makes every agent action carry a verifiable identity, and turning it on is a single import.

You will learn

  • Why an agent's identity is a fingerprint of what it is, not a password
  • How one import makes your agents identify themselves — no code changes
  • How an unregistered agent shows up for you to approve
  • Where to watch it happen, live

The one idea

An agent's identity isn't a secret it carries — it's a fingerprint of what it is: its system prompt and the tools it can call. The auth51 client watches your agent talk to its model, computes that fingerprint (a checksum), and matches it against the agents your org has registered. A match identifies the agent with no self-declaration; no match means it's unregistered — a signal in itself. You never tell auth51 which agent is running; it derives it.

Shared API key

One long-lived secret. Every call looks identical. A leaked token replays anywhere, as anyone, until someone notices and rotates it.

With auth51

Each call carries a fresh token — scoped to one action, bound to this agent's fingerprint and a key that never leaves the process. A stolen token is inert.

Quickstart

1

Create an API key

Sign in to the console — you get an org automatically — and create a key under Settings → API Keys. Set it in your agent's environment; the client reads it on import.

env
export AUTH51_CLIENT_ID=a51_live_...     # Settings → API Keys
export AUTH51_CLIENT_SECRET=...          # shown once

Note

The key is clamped to your org and a safe scope envelope — even if it leaks it can't approve escalations or reach another tenant. On AWS you can skip the secret entirely with keyless workload identity (the agent proves its IAM role).
2

Install and import

That's the whole integration. One import installs egress interception and, on your agent's first model call, identifies it from the wire. No configure(), no wrapping your code, no audiences to declare.

shell
pip install auth51
your_app.py
import auth51        # ← that's it

# ...run your agent exactly as you already do.
run_your_agent()
3

Approve it in the console

The first time your agent runs, the client sends its observed identity — system prompt, tools, computed checksum — to your org's discovery inbox. It appears under Agents → Discovered. Review what it computed and click Register. From the next run on, that agent is recognized and its actions are governed.

console · your org
checkout-bot
checksum 3f9a…c21e · 2 tools
live
mint · payment:execute → api.acme.com
dpop-bound · exp 60s · agent checkout-bot
allowed

Note

The prompt and tools travel only to your discovery inbox for your review — they enter the Authority only when you approve. Nothing an unregistered agent does is silently trusted (fail-closed).

Recap

  • API key in the environment + import auth51 — the entire integration.
  • The client derives each agent's identity from its model call; you don't declare anything.
  • Unregistered agents surface in Discovered with the identity they computed — approve to register.
  • Registered agents are recognized and governed automatically on the next run.

Advanced & self-host

The defaults above cover the managed (SaaS) path. Reach for these only when you need to.

Deep dive · Configure in code instead of env (and self-host)
Prefer explicit config, or running your own authority/discovery? Call configure() once at startup. On-prem, point it at your own servers — it never falls back to the SaaS discovery for a custom authority.
startup.py
import auth51

auth51.configure(
    client_id="a51_live_...", client_secret="...",
    # self-host only — SaaS is the default:
    authority_url="https://authority.your-co.internal",
    discovery_url="https://discovery.your-co.internal",
)
Deep dive · Name an agent explicitly, or register from CI/CD
The client names discovered agents provisionally from their prompt; the console lets you rename on approval. To pin a name yourself, wrap the run in with auth51.agent("checkout-bot"): .... To register agents ahead of time (e.g. a deploy step) rather than discover them at runtime, POST their components to /v1/intent/register/agent — the same call the Approve button makes.
Deep dive · Enforce at your resource servers (audiences)
Discovery and identity need no configuration. To also mint intent tokens on the calls your agents make to your resource servers, tell the client which hosts are auth51-protected via audiences (or AUTH51_AUDIENCES) and verify them with the auth51 verifier on those services.

Next steps