Choose an AI agent integration
Service Provider Adapters
Pre-built integrations for 11 services: Google Calendar, Gmail, Drive, Stripe, Slack, GitHub, Notion, HubSpot, Salesforce, Linear, Jira.
Credential Vault
Encrypted per-user credential store. Agents exchange grant tokens for upstream service credentials.
MCP Auth Server
OAuth 2.1 + PKCE endpoint package for single-process evaluation; review the version 2.0.2 consent, code-handoff, state, and revocation limitations.
Grantex Gateway
Zero-code reverse-proxy that enforces grant tokens via YAML config.
Express.js
Grant token verification and scope-based authorization middleware.
FastAPI
Dependency injection for grant token verification and scope checks.
MCP Server
17 tools for Claude Desktop, Cursor, and Windsurf.
LangChain
Scope-enforced tools and audit callbacks.
Vercel AI SDK
Zod-schema tools with scope checks at construction time.
AutoGen / OpenAI
Function calling with scope enforcement and registry.
CrewAI
Python tools with scope enforcement and audit logging.
OpenAI Agents SDK
FunctionTool wrapper with JWKS-backed token verification and scope checks.
Google ADK
Plain function tools for Google Agent Development Kit.
Strands Agents SDK
TypeScript and Python Strands tools with Grantex scope enforcement.
Anthropic SDK
Scope-enforced tool use and audit logging for Claude models.
x402 Payment Protocol
Agent spend authorization for x402 payment flows — GDTs for USDC on Base L2.
CLI
Manage agents, grants, and audit from your terminal.
A2A Bridge (TypeScript)
Inject Grantex grant tokens into Google A2A agent-to-agent communication.
A2A Bridge (Python)
Python client/server for Grantex-authenticated A2A task exchange.
Gemma 4 (On-Device)
Verify signed grant claims against a provisioned key bundle during offline operation; refresh keys, token validity, and revocation data through a trusted synchronization path.
DPDP / GDPR Technical Controls
Consent records, purpose-limitation fields, grievance workflows, and audit exports can support DPDP Act 2023 and EU GDPR programs; they are technical tooling, not legal compliance or certification.
Trust Registry
Public directory of registered AI agent publishers with DID profiles, public keys, and DNS ownership verification. Stored badge fields are metadata, not a compliance certification program.
Scope Enforcement
Enforce tool-level permissions on any connector — define your own manifests or use 53 pre-built ones. One-line enforcement via enforce().
Conformance Suite
Validate any Grantex server against the spec.
Event Destinations
Forward Grantex events to Datadog, Splunk, S3, BigQuery, and Kafka.
Terraform Provider
Manage Grantex resources as infrastructure with the official Terraform provider.
At a Glance
Verifiable Intent & Agentic Commerce
Grantex integrates with emerging standards for agentic commerce through W3C Verifiable Credentials and FIDO2/WebAuthn:Verifiable Credentials
Issue W3C VCs alongside grant tokens. Agents present portable, tamper-evident proof of authorization to any verifier — no Grantex account required.
FIDO2 / WebAuthn
Passkey-based human presence verification. Cryptographic proof that a real human authorized the agent, embedded in grants and VCs.
DID Infrastructure
W3C DID document at did:web:grantex.dev. Any party can verify Grantex-issued credentials using published public keys.
MPP Agent Passport
Agent identity for machine payments. Issue W3C VC 2.0 passports with spending limits and category restrictions; verifiers can reuse valid cached keys after JWKS retrieval.
Verifiable Credentials are opt-in. Pass
credentialFormat: "vc-jwt" during token exchange to receive a VC alongside the standard grant token. Existing integrations continue to work unchanged.Enterprise Identity & Access
Enterprise SSO
OIDC and SAML 2.0 SSO with multi-IdP routing, JIT provisioning,
group-to-scope mapping, and enforcement, plus an LDAP direct-bind preview
that does not yet search directories or retrieve groups.
SCIM 2.0 Provisioning
Sync agents and principals from your identity provider automatically via SCIM 2.0.
How Integrations Work
Every integration follows the same pattern:- Wrap your tool function with Grantex scope enforcement
- Pass a grant token (RS256 JWT) from the authorization flow
- Specify the required scope for the tool
- The integration verifies the JWT signature and claims against the configured JWKS endpoint, then checks
scp - If the scope is missing, the tool throws immediately before your function runs