Skip to main content

Choose an AI agent integration

Service Provider Adapters

Pre-built integrations for 11 services: Google Calendar, Gmail, Drive, Stripe, Slack, GitHub, Notion, HubSpot, Salesforce, Linear, Jira.

Credential Vault

Encrypted per-user credential store. Agents exchange grant tokens for upstream service credentials.

MCP Auth Server

OAuth 2.1 + PKCE endpoint package for single-process evaluation; review the version 2.0.2 consent, code-handoff, state, and revocation limitations.

Grantex Gateway

Zero-code reverse-proxy that enforces grant tokens via YAML config.

Express.js

Grant token verification and scope-based authorization middleware.

FastAPI

Dependency injection for grant token verification and scope checks.

MCP Server

17 tools for Claude Desktop, Cursor, and Windsurf.

LangChain

Scope-enforced tools and audit callbacks.

Vercel AI SDK

Zod-schema tools with scope checks at construction time.

AutoGen / OpenAI

Function calling with scope enforcement and registry.

CrewAI

Python tools with scope enforcement and audit logging.

OpenAI Agents SDK

FunctionTool wrapper with JWKS-backed token verification and scope checks.

Google ADK

Plain function tools for Google Agent Development Kit.

Strands Agents SDK

TypeScript and Python Strands tools with Grantex scope enforcement.

Anthropic SDK

Scope-enforced tool use and audit logging for Claude models.

x402 Payment Protocol

Agent spend authorization for x402 payment flows — GDTs for USDC on Base L2.

CLI

Manage agents, grants, and audit from your terminal.

A2A Bridge (TypeScript)

Inject Grantex grant tokens into Google A2A agent-to-agent communication.

A2A Bridge (Python)

Python client/server for Grantex-authenticated A2A task exchange.

Gemma 4 (On-Device)

Verify signed grant claims against a provisioned key bundle during offline operation; refresh keys, token validity, and revocation data through a trusted synchronization path.

DPDP / GDPR Technical Controls

Consent records, purpose-limitation fields, grievance workflows, and audit exports can support DPDP Act 2023 and EU GDPR programs; they are technical tooling, not legal compliance or certification.

Trust Registry

Public directory of registered AI agent publishers with DID profiles, public keys, and DNS ownership verification. Stored badge fields are metadata, not a compliance certification program.

Scope Enforcement

Enforce tool-level permissions on any connector — define your own manifests or use 53 pre-built ones. One-line enforcement via enforce().

Conformance Suite

Validate any Grantex server against the spec.

Event Destinations

Forward Grantex events to Datadog, Splunk, S3, BigQuery, and Kafka.

Terraform Provider

Manage Grantex resources as infrastructure with the official Terraform provider.

At a Glance

For production MCP enforcement today, use a primary SDK or direct JWKS-backed verification at the service boundary. Treat @grantex/mcp-auth@2.0.2 as single-process evaluation software until its documented limitations are fixed.

Verifiable Intent & Agentic Commerce

Grantex integrates with emerging standards for agentic commerce through W3C Verifiable Credentials and FIDO2/WebAuthn:

Verifiable Credentials

Issue W3C VCs alongside grant tokens. Agents present portable, tamper-evident proof of authorization to any verifier — no Grantex account required.

FIDO2 / WebAuthn

Passkey-based human presence verification. Cryptographic proof that a real human authorized the agent, embedded in grants and VCs.

DID Infrastructure

W3C DID document at did:web:grantex.dev. Any party can verify Grantex-issued credentials using published public keys.

MPP Agent Passport

Agent identity for machine payments. Issue W3C VC 2.0 passports with spending limits and category restrictions; verifiers can reuse valid cached keys after JWKS retrieval.
These capabilities support the Mastercard Verifiable Intent specification and similar agentic commerce frameworks. When an agent needs to prove its authorization to a payment processor, merchant, or third-party API, it presents a Verifiable Credential that the receiving party can verify independently using the Grantex DID document.
Verifiable Credentials are opt-in. Pass credentialFormat: "vc-jwt" during token exchange to receive a VC alongside the standard grant token. Existing integrations continue to work unchanged.

Enterprise Identity & Access

Enterprise SSO

OIDC and SAML 2.0 SSO with multi-IdP routing, JIT provisioning, group-to-scope mapping, and enforcement, plus an LDAP direct-bind preview that does not yet search directories or retrieve groups.

SCIM 2.0 Provisioning

Sync agents and principals from your identity provider automatically via SCIM 2.0.

How Integrations Work

Every integration follows the same pattern:
  1. Wrap your tool function with Grantex scope enforcement
  2. Pass a grant token (RS256 JWT) from the authorization flow
  3. Specify the required scope for the tool
  4. The integration verifies the JWT signature and claims against the configured JWKS endpoint, then checks scp
  5. If the scope is missing, the tool throws immediately before your function runs
The standalone verification helpers may contact their configured JWKS endpoint while resolving keys. Keep that endpoint reachable from every protected runtime; if keys cannot be obtained, protected execution fails closed.
Last modified on July 12, 2026