Developer Documentation

Everything you need to integrate AXIS.

API reference, integration patterns, and the full protocol spec. Everything that builds on AXIS reads the same documents that built AXIS itself.

Protocol v0.1 Apache 2.0 Live at registry.axisprime.ai

Quick Start

Three calls to integrate.

The minimum integration for accepting AXIS-authenticated agents on your platform:

Receive an AIT (AXIS Identity Token) from the agent, typically as an Authorization header.
Verify by calling GET /verify?token=<AIT> on the registry. Returns agent identity, operator, scope, revocation status.
Apply your policy. Accept or reject based on verification result, verification tier, requested scope, etc.

// Example: Node.js verification middleware
const ait = req.headers.authorization?.replace(/^Bearer /, '');
const res = await fetch(`https://registry.axisprime.ai/verify?token=${ait}`);
const { valid, agent_id, operator_id, verification_tier } = await res.json();

if (!valid) return res.status(401).send('Invalid agent credentials');
if (verification_tier === 'email') return res.status(403).send('Minimum tier: domain');

// Pass through to handler with agent context attached
req.agent = { id: agent_id, operator: operator_id };
next();

API Reference

Registry endpoints.

All endpoints live on https://registry.axisprime.ai. Public endpoints require no authentication. Registrar-auth endpoints require a Bearer API key.

Public (no auth)

GET /verify?token=<AIT> Verify an AXIS Identity Token. Returns validity + agent/operator metadata.

GET /agents/:agent_id Resolve an agent's identity record. Pass AIT as Bearer to unlock presentation layer.

GET /operators/:operator_id Resolve an operator's identity record. Same layering as agents.

GET /resolve/:did W3C DID resolution for AXIS agents. Returns a DID Document.

GET /revocation/:agent_id Check revocation status for an agent.

GET /revocation/credentials/:credential_id Check revocation status for a delegation credential.

GET /.well-known/axis-access This registry's own access policy (for platforms describing their policies).

Registrar-authenticated

POST /register Register a new agent on behalf of a verified operator.

POST /operators/register Register a new operator. Returns a verification token.

POST /operators/verify-domain Complete operator domain verification via DNS TXT or HTTP file.

POST /credentials/issue Issue a delegation credential with scoped permissions.

DELETE /agents/:agent_id Revoke an agent registration.

Integration Patterns

Common shapes.

Accept-verify-decide middleware. Verification runs per request; decision is your policy. Most common pattern for platforms accepting agent traffic.
Cached verification. Verify once, cache the result for the token's expiration window. Reduces verification call volume on high-traffic endpoints.
Scope-enforcing gateway. API gateway verifies AIT, extracts scopes, applies scope-to-route mapping. Downstream services never see the raw token.
Revocation-aware cache. Subscribe to the registry's revocation feed (polling endpoint). Invalidate cached verifications on revocation events.
Cross-operator verification. Your platform accepts agents from any AXIS-compliant registry. Verify against the registry embedded in the token's registry_url claim, not a hard-coded URL.

The Spec

Canonical protocol definition lives on GitHub.

The full AXIS Protocol specification — record schemas, credential formats, verification procedures, privacy model, and conformance criteria — lives in the public GitHub repository. That repository is the source of truth for the protocol. Documentation on this site is operational guidance layered on top.

View the spec on GitHub → In-progress spec overview →

SDKs and Libraries

Official and community libraries.

AXIS is a simple HTTP protocol. Any language that can make HTTPS requests and verify Ed25519 signatures can integrate. Official SDK work is in progress for common runtimes:

JavaScript / TypeScript — axis-protocol-sdk (in development)
Python — planned
Go — planned
GitHub Action — axis-github-action (available) for CI/CD signing and verification workflows

Building a library in another language? We'd like to list it. Tell us about it →

Support

Ways to get help.

GitHub Issues for bugs, spec questions, and proposal discussions.
Email for security disclosures and sensitive questions: security@kipplelabs.com.
Enterprise support with SLA via Kipple Labs if you need managed verification, compliance tooling, or implementation consulting.