# Grantex ## Docs - [Delete an agent](https://docs.grantex.dev/api-reference/agents/delete-an-agent.md) - [Get agent by id](https://docs.grantex.dev/api-reference/agents/get-agent-by-id.md) - [List all agents](https://docs.grantex.dev/api-reference/agents/list-all-agents.md) - [Register a new agent](https://docs.grantex.dev/api-reference/agents/register-a-new-agent.md) - [Update an agent](https://docs.grantex.dev/api-reference/agents/update-an-agent.md) - [Acknowledge alert](https://docs.grantex.dev/api-reference/anomalies/acknowledge-alert.md) - [Acknowledge an anomaly](https://docs.grantex.dev/api-reference/anomalies/acknowledge-an-anomaly.md) - [Create channel](https://docs.grantex.dev/api-reference/anomalies/create-channel.md) - [Create rule](https://docs.grantex.dev/api-reference/anomalies/create-rule.md) - [Delete channel](https://docs.grantex.dev/api-reference/anomalies/delete-channel.md) - [Delete rule](https://docs.grantex.dev/api-reference/anomalies/delete-rule.md) - [Get metrics](https://docs.grantex.dev/api-reference/anomalies/get-metrics.md) - [List alerts](https://docs.grantex.dev/api-reference/anomalies/list-alerts.md) - [List channels](https://docs.grantex.dev/api-reference/anomalies/list-channels.md) - [List detected anomalies](https://docs.grantex.dev/api-reference/anomalies/list-detected-anomalies.md) - [List rules](https://docs.grantex.dev/api-reference/anomalies/list-rules.md) - [Resolve alert](https://docs.grantex.dev/api-reference/anomalies/resolve-alert.md) - [Run anomaly detection](https://docs.grantex.dev/api-reference/anomalies/run-anomaly-detection.md) - [Get audit entry by id](https://docs.grantex.dev/api-reference/audit/get-audit-entry-by-id.md) - [List audit entries](https://docs.grantex.dev/api-reference/audit/list-audit-entries.md) - [Log an audit entry](https://docs.grantex.dev/api-reference/audit/log-an-audit-entry.md) - [Get current developer profile](https://docs.grantex.dev/api-reference/authentication/get-current-developer-profile.md) - [Register a new developer account](https://docs.grantex.dev/api-reference/authentication/register-a-new-developer-account.md) - [Rotate api key](https://docs.grantex.dev/api-reference/authentication/rotate-api-key.md) - [Approve an authorization request](https://docs.grantex.dev/api-reference/authorization/approve-an-authorization-request.md) - [Create an authorization request](https://docs.grantex.dev/api-reference/authorization/create-an-authorization-request.md) - [Deny an authorization request](https://docs.grantex.dev/api-reference/authorization/deny-an-authorization-request.md) - [Create a stripe billing portal session](https://docs.grantex.dev/api-reference/billing/create-a-stripe-billing-portal-session.md) - [Create a stripe checkout session](https://docs.grantex.dev/api-reference/billing/create-a-stripe-checkout-session.md) - [Get current subscription](https://docs.grantex.dev/api-reference/billing/get-current-subscription.md) - [Stripe webhook handler](https://docs.grantex.dev/api-reference/billing/stripe-webhook-handler.md) - [Allocate Budget](https://docs.grantex.dev/api-reference/budgets/allocate.md): Create a budget allocation for a grant, setting a spending cap for the agent. - [List Budget Allocations](https://docs.grantex.dev/api-reference/budgets/allocations.md): List all budget allocations for the authenticated developer. - [Get Budget Balance](https://docs.grantex.dev/api-reference/budgets/balance.md): Retrieve the current budget balance for a grant. - [Debit Budget](https://docs.grantex.dev/api-reference/budgets/debit.md): Debit an amount from a grant's budget allocation. Returns 402 if the budget is insufficient. - [List Budget Transactions](https://docs.grantex.dev/api-reference/budgets/transactions.md): Retrieve paginated transaction history for a grant's budget. - [Export audit entries for compliance](https://docs.grantex.dev/api-reference/compliance/export-audit-entries-for-compliance.md) - [Export grants for compliance](https://docs.grantex.dev/api-reference/compliance/export-grants-for-compliance.md) - [Generate compliance evidence pack](https://docs.grantex.dev/api-reference/compliance/generate-compliance-evidence-pack.md) - [Get compliance summary](https://docs.grantex.dev/api-reference/compliance/get-compliance-summary.md) - [Consent Bundles API](https://docs.grantex.dev/api-reference/consent-bundles.md): API reference for offline consent bundle endpoints: create, list, revoke, and check revocation status. - [Approve consent end user action](https://docs.grantex.dev/api-reference/consent/approve-consent-end-user-action.md) - [Consent ui page](https://docs.grantex.dev/api-reference/consent/consent-ui-page.md) - [Deny consent end user action](https://docs.grantex.dev/api-reference/consent/deny-consent-end-user-action.md) - [Get consent request details](https://docs.grantex.dev/api-reference/consent/get-consent-request-details.md) - [Get credential](https://docs.grantex.dev/api-reference/credentials/get-credential.md) - [List credentials](https://docs.grantex.dev/api-reference/credentials/list-credentials.md) - [Status list](https://docs.grantex.dev/api-reference/credentials/status-list.md) - [Verify credential](https://docs.grantex.dev/api-reference/credentials/verify-credential.md) - [Did document](https://docs.grantex.dev/api-reference/did/did-document.md) - [Register Custom Domain](https://docs.grantex.dev/api-reference/domains/create.md): Register a custom domain on your Grantex account. Returns a token to add as a DNS TXT record. Requires Enterprise plan. Runtime traffic routing on your domain is on the roadmap; today endpoints still resolve under *.grantex.dev. - [Delete Custom Domain](https://docs.grantex.dev/api-reference/domains/delete.md): Remove a custom domain registration. - [List Custom Domains](https://docs.grantex.dev/api-reference/domains/list.md): List all custom domains registered by the authenticated developer. - [Verify Domain DNS](https://docs.grantex.dev/api-reference/domains/verify.md): Trigger DNS verification for a registered custom domain. - [Create Consent Notice](https://docs.grantex.dev/api-reference/dpdp/create-consent-notice.md): Register a versioned consent notice. Required before creating consent records — the notice content is hashed and linked to each record. - [Create Consent Record](https://docs.grantex.dev/api-reference/dpdp/create-consent-record.md): Create a DPDP-compliant consent record linking a grant to a data principal with explicit purpose limitation. - [Create Export](https://docs.grantex.dev/api-reference/dpdp/create-export.md): Generate a compliance export for DPDP, GDPR Article 15, or EU AI Act conformance. Bundles consent records, audit logs, and grievances into a single report. - [File Grievance](https://docs.grantex.dev/api-reference/dpdp/file-grievance.md): File a grievance on behalf of a data principal. Implements the grievance mechanism required by DPDP Section 13(6). - [Get Consent Record](https://docs.grantex.dev/api-reference/dpdp/get-consent-record.md): Retrieve a single DPDP consent record by ID. Increments the access counter for audit purposes. - [Get Export](https://docs.grantex.dev/api-reference/dpdp/get-export.md): Retrieve a previously generated compliance export by ID. - [Get Grievance](https://docs.grantex.dev/api-reference/dpdp/get-grievance.md): Retrieve the status and details of a DPDP grievance by ID. - [List Consent Records](https://docs.grantex.dev/api-reference/dpdp/list-consent-records.md): List all DPDP consent records for the developer, with optional filtering by data principal. - [List Principal Records](https://docs.grantex.dev/api-reference/dpdp/list-principal-records.md): Retrieve all consent records for a specific data principal. Implements the right to access under DPDP Section 11. - [Request Erasure](https://docs.grantex.dev/api-reference/dpdp/request-erasure.md): Exercise the right to erasure for a data principal. Marks all consent records as erased, revokes associated grants, and anonymizes audit entries (DPDP Section 11). - [Withdraw Consent](https://docs.grantex.dev/api-reference/dpdp/withdraw-consent.md): Withdraw a DPDP consent record. Optionally revokes the underlying grant and deletes processed data. - [Stream](https://docs.grantex.dev/api-reference/events/stream.md) - [Websocket](https://docs.grantex.dev/api-reference/events/websocket.md) - [Delegate a grant to a sub agent](https://docs.grantex.dev/api-reference/grants/delegate-a-grant-to-a-sub-agent.md) - [Get grant by id](https://docs.grantex.dev/api-reference/grants/get-grant-by-id.md) - [List grants](https://docs.grantex.dev/api-reference/grants/list-grants.md) - [Revoke a grant](https://docs.grantex.dev/api-reference/grants/revoke-a-grant.md) - [Verify a grant tokens revocation status](https://docs.grantex.dev/api-reference/grants/verify-a-grant-tokens-revocation-status.md) - [API Reference](https://docs.grantex.dev/api-reference/introduction.md): Complete REST API reference for the Grantex Auth Service - [Offline Sync API](https://docs.grantex.dev/api-reference/offline-sync.md): API reference for syncing offline audit log entries to the Grantex cloud. - [Active bundle](https://docs.grantex.dev/api-reference/policies/active-bundle.md) - [Create an access policy](https://docs.grantex.dev/api-reference/policies/create-an-access-policy.md) - [Delete a policy](https://docs.grantex.dev/api-reference/policies/delete-a-policy.md) - [Get policy by id](https://docs.grantex.dev/api-reference/policies/get-policy-by-id.md) - [List access policies](https://docs.grantex.dev/api-reference/policies/list-access-policies.md) - [List bundles](https://docs.grantex.dev/api-reference/policies/list-bundles.md) - [Sync policy bundle](https://docs.grantex.dev/api-reference/policies/sync-policy-bundle.md) - [Sync webhook](https://docs.grantex.dev/api-reference/policies/sync-webhook.md) - [Update a policy](https://docs.grantex.dev/api-reference/policies/update-a-policy.md) - [Create principal session](https://docs.grantex.dev/api-reference/principal-sessions/create-principal-session.md) - [Get principal audit](https://docs.grantex.dev/api-reference/principal-sessions/get-principal-audit.md) - [List principal grants](https://docs.grantex.dev/api-reference/principal-sessions/list-principal-grants.md) - [Revoke principal grant](https://docs.grantex.dev/api-reference/principal-sessions/revoke-principal-grant.md) - [Create a scim provisioning token](https://docs.grantex.dev/api-reference/scim/create-a-scim-provisioning-token.md) - [Create a scim user](https://docs.grantex.dev/api-reference/scim/create-a-scim-user.md) - [Delete a scim token](https://docs.grantex.dev/api-reference/scim/delete-a-scim-token.md) - [Delete a scim user](https://docs.grantex.dev/api-reference/scim/delete-a-scim-user.md) - [Get scim user by id](https://docs.grantex.dev/api-reference/scim/get-scim-user-by-id.md) - [List scim tokens](https://docs.grantex.dev/api-reference/scim/list-scim-tokens.md) - [List scim users](https://docs.grantex.dev/api-reference/scim/list-scim-users.md) - [Patch a scim user](https://docs.grantex.dev/api-reference/scim/patch-a-scim-user.md) - [Replace a scim user](https://docs.grantex.dev/api-reference/scim/replace-a-scim-user.md) - [Scim service provider configuration](https://docs.grantex.dev/api-reference/scim/scim-service-provider-configuration.md) - [Send verification](https://docs.grantex.dev/api-reference/signup/send-verification.md) - [Verify token](https://docs.grantex.dev/api-reference/signup/verify-token.md) - [Configure oidc sso](https://docs.grantex.dev/api-reference/sso/configure-oidc-sso.md) - [Create sso connection](https://docs.grantex.dev/api-reference/sso/create-sso-connection.md) - [Delete sso connection](https://docs.grantex.dev/api-reference/sso/delete-sso-connection.md) - [Get sso configuration](https://docs.grantex.dev/api-reference/sso/get-sso-configuration.md) - [Initiate sso login](https://docs.grantex.dev/api-reference/sso/initiate-sso-login.md) - [LDAP Callback](https://docs.grantex.dev/api-reference/sso/ldap-callback.md): Authenticate a user via LDAP bind and create an SSO session. - [List sso connections](https://docs.grantex.dev/api-reference/sso/list-sso-connections.md) - [List sso sessions](https://docs.grantex.dev/api-reference/sso/list-sso-sessions.md) - [Oidc callback](https://docs.grantex.dev/api-reference/sso/oidc-callback.md) - [Remove sso configuration](https://docs.grantex.dev/api-reference/sso/remove-sso-configuration.md) - [Revoke sso session](https://docs.grantex.dev/api-reference/sso/revoke-sso-session.md) - [Saml callback](https://docs.grantex.dev/api-reference/sso/saml-callback.md) - [Set sso enforcement](https://docs.grantex.dev/api-reference/sso/set-sso-enforcement.md) - [Sso callback](https://docs.grantex.dev/api-reference/sso/sso-callback.md) - [Test sso connection](https://docs.grantex.dev/api-reference/sso/test-sso-connection.md) - [Update sso connection](https://docs.grantex.dev/api-reference/sso/update-sso-connection.md) - [Developer dashboard](https://docs.grantex.dev/api-reference/system/developer-dashboard.md) - [Health check](https://docs.grantex.dev/api-reference/system/health-check.md) - [Json web key set](https://docs.grantex.dev/api-reference/system/json-web-key-set.md) - [Principal permissions dashboard](https://docs.grantex.dev/api-reference/system/principal-permissions-dashboard.md) - [Exchange authorization code for grant token](https://docs.grantex.dev/api-reference/tokens/exchange-authorization-code-for-grant-token.md) - [Refresh a grant token](https://docs.grantex.dev/api-reference/tokens/refresh-a-grant-token.md) - [Revoke a grant token](https://docs.grantex.dev/api-reference/tokens/revoke-a-grant-token.md) - [Verify a grant token online](https://docs.grantex.dev/api-reference/tokens/verify-a-grant-token-online.md) - [Get Current Usage](https://docs.grantex.dev/api-reference/usage/current.md): Retrieve real-time usage metrics for the current period. - [Get Usage History](https://docs.grantex.dev/api-reference/usage/history.md): Retrieve daily usage breakdown over a specified number of days. - [Delete Vault Credential](https://docs.grantex.dev/api-reference/vault/delete.md): Permanently delete a vault credential. - [Exchange Grant Token for Service Credential](https://docs.grantex.dev/api-reference/vault/exchange.md): Exchange a valid Grantex grant token for a stored upstream service credential. - [Get Vault Credential](https://docs.grantex.dev/api-reference/vault/get.md): Retrieve metadata for a specific vault credential. Does not return raw tokens. - [List Vault Credentials](https://docs.grantex.dev/api-reference/vault/list.md): List vault credential metadata for the authenticated developer. Does not return raw tokens. - [Store Vault Credential](https://docs.grantex.dev/api-reference/vault/store.md): Store an encrypted service credential in the Grantex Vault for a principal. - [Delete credential](https://docs.grantex.dev/api-reference/webauthn/delete-credential.md) - [Generate assertion options](https://docs.grantex.dev/api-reference/webauthn/generate-assertion-options.md) - [Generate registration options](https://docs.grantex.dev/api-reference/webauthn/generate-registration-options.md) - [List credentials](https://docs.grantex.dev/api-reference/webauthn/list-credentials.md) - [Verify assertion](https://docs.grantex.dev/api-reference/webauthn/verify-assertion.md) - [Verify registration](https://docs.grantex.dev/api-reference/webauthn/verify-registration.md) - [Delete a webhook](https://docs.grantex.dev/api-reference/webhooks/delete-a-webhook.md) - [List webhooks](https://docs.grantex.dev/api-reference/webhooks/list-webhooks.md) - [Register a webhook](https://docs.grantex.dev/api-reference/webhooks/register-a-webhook.md) - [4 Agent Security Breaches That Should Change How You Think About API Keys](https://docs.grantex.dev/blog/agent-security-breaches-2025-2026.md): Shai-Hulud, SANDWORM_MODE, OpenClaw, and CVE-2026-21852 — the 2025-2026 incidents that proved AI agents need their own authorization layer, not shared secrets. - [DPDP Act 2023 and AI Agents: What Your Engineering Team Must Know](https://docs.grantex.dev/blog/dpdp-act-ai-agents.md): India's DPDP Act creates specific obligations for AI agent deployments. Here's what engineering teams need to implement. - [From Copilot to Autonomous: Why Authorization Must Evolve with AI](https://docs.grantex.dev/blog/from-copilot-to-autonomous-agents.md): AI went from autocomplete to autonomous in three years. Authorization did not keep up. Here is why the shift from assisted to agentic AI demands a new security model. - [Gemma 4 Just Shipped Offline AI Agents. Here's How to Secure Them.](https://docs.grantex.dev/blog/gemma-4-offline-agents-security.md): Gemma 4 enables offline agentic workflows on-device. But offline agents with no auth story are a security gap. Here's how @grantex/gemma closes it. - [Grantex v0.1: What's Included](https://docs.grantex.dev/blog/grantex-v0-1-whats-included.md): A complete tour of everything shipping in the Grantex v0.1 release -- SDKs, integrations, CLI, enterprise features, and more. - [Grantex v2.2: Policy Engines, A2A, and the Managed Cloud](https://docs.grantex.dev/blog/grantex-v2-2.md): v2.2 brings OPA and Cedar policy backends, Google A2A agent-to-agent bridging, a managed cloud offering, and SDK 0.2.0 across all three languages. - [Introducing Grantex: OAuth 2.0 for AI Agents](https://docs.grantex.dev/blog/introducing-grantex.md): Grantex is an open delegated authorization protocol that brings human-approved, scoped, revocable permissions to AI agents. - [Agent Identity for Machine Payments: Why MPP Needs a Passport Layer](https://docs.grantex.dev/blog/mpp-agent-identity.md): MPP solves how agents pay. But who authorized the payment? Grantex adds a verifiable identity layer — W3C credentials that let merchants know exactly who is behind every agent transaction. - [OWASP Agentic Top 10: What It Means for Your AI Security Stack](https://docs.grantex.dev/blog/owasp-agentic-top-10-compliance.md): OWASP published the Agentic Security Top 10 in December 2025. The EU AI Act is binding in August 2026. NIST AI RMF is active now. Here is how each requirement maps to Grantex. - [Why AI Agents Need Their Own Authorization Protocol](https://docs.grantex.dev/blog/why-ai-agents-need-authorization.md): OAuth 2.0 was built for human users. AI agents have fundamentally different requirements -- here's why they need a purpose-built protocol. - [AgenticOrg Case Study](https://docs.grantex.dev/case-studies/agenticorg.md): How AgenticOrg enforces scope on 35 AI agents, 53+ connectors, and 339+ tools using Grantex tool manifests. - [grantex enforce](https://docs.grantex.dev/cli/enforce.md): Dry-run scope enforcement from the command line. Test whether a grant token permits a specific tool call before deploying. - [grantex manifest](https://docs.grantex.dev/cli/manifest.md): Browse, generate, and validate tool manifests — define your own or use 53 pre-built ones. - [grantex verify](https://docs.grantex.dev/cli/verify.md): Inspect any Grantex grant token from the command line. See scopes, expiry, delegation chain, and revocation status. Works offline — no account needed. - [OpenID AuthZEN Mapping](https://docs.grantex.dev/community/authzen-mapping.md): How Grantex maps to the OpenID AuthZEN Authorization API for interoperable policy evaluation. - [Contributing](https://docs.grantex.dev/community/contributing.md): How to contribute to the Grantex project. - [IETF Internet-Draft](https://docs.grantex.dev/community/ietf-draft.md): Delegated Agent Authorization Protocol (DAAP) — submitted to the IETF OAuth Working Group. - [NIST NCCoE Public Comment](https://docs.grantex.dev/community/nist-comment.md): Grantex response to NIST NCCoE AI challenge areas — mapping DAAP to the AI Risk Management Framework. - [DPDP Act 2023 Compliance](https://docs.grantex.dev/compliance/dpdp-act-2023.md): How Grantex maps to India's Digital Personal Data Protection Act 2023 for AI agent deployments. - [EU AI Act Compliance](https://docs.grantex.dev/compliance/eu-ai-act.md): How Grantex helps meet EU AI Act requirements for AI agent deployments. Binding August 2026. - [Multi-Agent Delegation](https://docs.grantex.dev/concepts/delegation.md): How Grantex handles authorization chains across multi-agent pipelines. - [Grant Token](https://docs.grantex.dev/concepts/grant-token.md): Grantex grant tokens are RS256-signed JWTs with agent-specific claims. - [How It Works](https://docs.grantex.dev/concepts/how-it-works.md): The three primitives that make up the Grantex protocol. - [Scope Registry](https://docs.grantex.dev/concepts/scope-registry.md): Standard scope definitions for common domains, plus guidelines for custom scopes. - [Scopes](https://docs.grantex.dev/concepts/scopes.md): Grantex scopes use the resource:action[:constraint] naming convention. - [Tool Manifests](https://docs.grantex.dev/concepts/tool-manifests.md): How tool manifests map every tool to a permission level, enabling precise scope enforcement for AI agent tool calls. - [Grantex vs OAuth 2.0](https://docs.grantex.dev/concepts/vs-oauth.md): How Grantex compares to OAuth 2.0 and when to use each. - [Anthropic SDK Tool Use](https://docs.grantex.dev/examples/anthropic-tool-use.md): Scope-enforced tool use with audit logging using the Anthropic SDK. - [Audit Dashboard](https://docs.grantex.dev/examples/audit-dashboard.md): Query, filter, and analyze the Grantex audit trail with metrics and hash chain verification. - [CrewAI Agent](https://docs.grantex.dev/examples/crewai-agent.md): Scoped tools with audit logging using CrewAI. - [Google ADK](https://docs.grantex.dev/examples/google-adk.md): Scope-enforced tools using Google Agent Development Kit. - [LangChain Agent](https://docs.grantex.dev/examples/langchain-agent.md): Scoped tools with automatic audit logging using LangChain. - [Multi-Agent Email Flow](https://docs.grantex.dev/examples/multi-agent-email-flow.md): Multi-agent delegation with failure handling, cascade revocation, and audit trail. - [Next.js Starter](https://docs.grantex.dev/examples/nextjs-starter.md): Interactive Next.js app showing the full Grantex consent flow. - [OpenAI Agents SDK](https://docs.grantex.dev/examples/openai-agents.md): Scope-enforced tools using the OpenAI Agents SDK. - [Quickstart: Gemma 4 Offline Auth](https://docs.grantex.dev/examples/quickstart-gemma.md): Get offline authorization working with Gemma 4 agents in under 5 minutes. Install @grantex/gemma, create a consent bundle, and verify tokens offline. - [Quickstart (Python)](https://docs.grantex.dev/examples/quickstart-py.md): End-to-end authorization lifecycle with the Python SDK. - [Quickstart (TypeScript)](https://docs.grantex.dev/examples/quickstart-ts.md): End-to-end authorization lifecycle with the TypeScript SDK. - [Token Expiry & Refresh](https://docs.grantex.dev/examples/token-expiry-refresh.md): Time-bound grants with expiry detection and refresh token rotation. - [Vercel AI Chatbot](https://docs.grantex.dev/examples/vercel-ai-chatbot.md): Scope-enforced tools with audit logging using Vercel AI SDK. - [Anomaly Detection](https://docs.grantex.dev/features/anomaly-detection.md): Real-time detection and alerting for unusual AI agent grant activity. - [Consent Bundles](https://docs.grantex.dev/features/consent-bundles.md): Consent bundles package a grant token, JWKS snapshot, and audit signing key for offline-capable authorization. - [DID Infrastructure](https://docs.grantex.dev/features/did-infrastructure.md): W3C Decentralized Identifier (DID) infrastructure for independent credential verification. Resolve did:web:grantex.dev to verify any Grantex-issued credential. - [DPDP & GDPR Compliance Module](https://docs.grantex.dev/features/dpdp-compliance.md): Structured consent records, purpose limitation, right to withdrawal, and audit-ready exports for AI agent deployments. - [FIDO2 / WebAuthn](https://docs.grantex.dev/features/fido-webauthn.md): Passkey-based human presence verification for agent authorization. Cryptographic proof that a real human approved the grant. - [MCP Auth Server](https://docs.grantex.dev/features/mcp-auth-server.md): Production-ready OAuth 2.1 + PKCE authorization server for any MCP server. Managed or self-hosted. - [MPP Agent Passport](https://docs.grantex.dev/features/mpp-agent-passport.md): W3C Verifiable Credential for agent identity in machine-to-machine payments via the Machine Payments Protocol (MPP). - [Offline Authorization](https://docs.grantex.dev/features/offline-authorization.md): How Grantex enables offline authorization for on-device AI agents. Architecture, security model, and limitations. - [SD-JWT (Selective Disclosure)](https://docs.grantex.dev/features/sd-jwt.md): Selective Disclosure JWTs let agents present only the claims needed for a given transaction, enabling privacy-preserving authorization and Verifiable Intent compatibility. - [Trust Registry](https://docs.grantex.dev/features/trust-registry.md): Public directory of verified AI agent publishers with DID-based identity and compliance badges. - [Verifiable Credentials](https://docs.grantex.dev/features/verifiable-credentials.md): W3C Verifiable Credentials issued alongside grant tokens. Portable, tamper-proof proof of agent authorization for any verifier. - [x402 Architecture](https://docs.grantex.dev/features/x402-architecture.md): Architecture overview of Grantex x402 agent spend authorization — components, data flow, and security model. - [GDT Specification](https://docs.grantex.dev/features/x402-gdt-spec.md): Specification of the Grantex Delegation Token (GDT) — a W3C Verifiable Credential 2.0 for agent spend authorization. - [Android + Gemma 4 Guide](https://docs.grantex.dev/guides/android-gemma4.md): Integrate Grantex offline authorization into Android apps running Gemma 4 agents. - [Anomaly Detection Setup](https://docs.grantex.dev/guides/anomaly-detection-setup.md): Configure anomaly detection rules and notification channels for your AI agents. - [Budget & Spending Controls](https://docs.grantex.dev/guides/budget-controls.md): Allocate budgets to grants and track spending with per-transaction debit, threshold alerts, and JWT budget claims. - [Cedar Integration](https://docs.grantex.dev/guides/cedar-integration.md): Use AWS Cedar as your Grantex policy backend - [Compliance Matrix](https://docs.grantex.dev/guides/compliance-matrix.md): How Grantex maps to OWASP Agentic Top 10, EU AI Act, and NIST AI RMF requirements for AI agent security and authorization. - [Custom Domains](https://docs.grantex.dev/guides/custom-domains.md): Use your own domain for Grantex API endpoints (Enterprise) - [Custom Manifests](https://docs.grantex.dev/guides/custom-manifests.md): Define tool manifests for any connector — internal APIs, new SaaS tools, proprietary services. No dependency on Grantex. - [End-User Permission Dashboard](https://docs.grantex.dev/guides/end-user-permissions.md): Give your users a self-service page to view and revoke agent access. - [Enterprise SSO](https://docs.grantex.dev/guides/enterprise-sso.md): Set up OIDC, SAML 2.0, and LDAP single sign-on with multi-IdP connections, domain-based routing, JIT provisioning, and group-to-scope mapping. - [Event Streaming](https://docs.grantex.dev/guides/event-streaming.md): Stream Grantex authorization events in real time via SSE or WebSocket, and forward them to external systems with @grantex/destinations. - [iOS + Gemma 4 Guide](https://docs.grantex.dev/guides/ios-gemma4.md): Integrate Grantex offline authorization into iOS apps running Gemma 4 agents using Swift and CryptoKit. - [MCP Certification Guide](https://docs.grantex.dev/guides/mcp-certification.md): Get your MCP server certified with the Grantex-Auth badge. Bronze, Silver, and Gold tiers. - [Metrics & Observability](https://docs.grantex.dev/guides/metrics-observability.md): Monitor your Grantex deployment with Prometheus metrics, Grafana dashboards, alerting rules, and structured logging. - [Migration Guide](https://docs.grantex.dev/guides/migration.md): Step-by-step guides for migrating to Grantex from API keys or raw OAuth 2.0. - [MPP Integration Guide](https://docs.grantex.dev/guides/mpp-integration.md): Step-by-step guide to adding Grantex agent identity to MPP payment flows — for both agents and merchants. - [OPA Integration](https://docs.grantex.dev/guides/opa-integration.md): Use Open Policy Agent as your Grantex policy backend - [OpenTelemetry Tracing](https://docs.grantex.dev/guides/opentelemetry.md): Instrument your Grantex auth service with OpenTelemetry for distributed tracing and APM. - [Operations](https://docs.grantex.dev/guides/operations.md): Run Grantex in production — health checks, required configuration, graceful shutdown, connection management, and webhook delivery. - [Interactive Playground](https://docs.grantex.dev/guides/playground.md): Try the full Grantex authorization flow in your browser — no signup required. - [Policy-as-Code](https://docs.grantex.dev/guides/policy-as-code.md): Manage Grantex policies in Git with automated sync - [Pulumi](https://docs.grantex.dev/guides/pulumi.md): Use the Grantex Terraform provider with Pulumi via the Terraform bridge. - [Rate Limits](https://docs.grantex.dev/guides/rate-limits.md): Understand and work with Grantex API rate limits. - [Scope Enforcement](https://docs.grantex.dev/guides/scope-enforcement.md): Enforce per-tool permissions on every AI agent tool call using manifests, the enforce() API, and framework integrations. - [Security Best Practices](https://docs.grantex.dev/guides/security-best-practices.md): Harden your Grantex integration with token storage strategies, scope design, revocation handling, and more. - [Security Hardening](https://docs.grantex.dev/guides/security-hardening.md): Enterprise-grade security controls built into the Grantex auth service — headers, rate limiting, CORS, input validation, and more. - [Self-Hosting](https://docs.grantex.dev/guides/self-hosting.md): Run your own Grantex auth service — from local dev to production Kubernetes. - [Datadog Integration](https://docs.grantex.dev/guides/siem-datadog.md): Forward Grantex authorization events to Datadog for centralized logging, dashboards, and anomaly detection monitors. - [S3 & BigQuery Archival](https://docs.grantex.dev/guides/siem-s3-bigquery.md): Archive Grantex authorization events to Amazon S3 and Google BigQuery for compliance, auditing, and long-term analytics. - [Splunk Integration](https://docs.grantex.dev/guides/siem-splunk.md): Forward Grantex authorization events to Splunk via the HTTP Event Collector for search, alerting, and compliance dashboards. - [Terraform Provider](https://docs.grantex.dev/guides/terraform.md): Manage Grantex resources as infrastructure with the official Terraform provider. - [Token Verification Strategy](https://docs.grantex.dev/guides/token-verification.md): Choose between offline, online, and hybrid token verification strategies. - [Troubleshooting](https://docs.grantex.dev/guides/troubleshooting.md): Common issues and solutions when working with the Grantex API and SDKs. - [Trust Registry Setup](https://docs.grantex.dev/guides/trust-registry-setup.md): Register your organization in the Grantex Trust Registry and get verified. - [Usage Metering](https://docs.grantex.dev/guides/usage-metering.md): Track and monitor API usage across your Grantex deployment - [Webhooks](https://docs.grantex.dev/guides/webhooks.md): Receive real-time notifications for grant lifecycle events. - [A2A Protocol Bridge (TypeScript)](https://docs.grantex.dev/integrations/a2a.md): Inject Grantex grant tokens into Google A2A agent-to-agent communication - [A2A Protocol Bridge (Python)](https://docs.grantex.dev/integrations/a2a-py.md): Inject Grantex grant tokens into Google A2A agent-to-agent communication from Python - [Service Provider Adapters](https://docs.grantex.dev/integrations/adapters.md): Pre-built integrations that translate Grantex grants into real API calls. - [Anthropic SDK](https://docs.grantex.dev/integrations/anthropic.md): Scope-enforced tool use, registry, and audit logging for Claude models. - [AutoGen / OpenAI](https://docs.grantex.dev/integrations/autogen.md): Scope-enforced function calling and registry for OpenAI-style agents. - [CLI](https://docs.grantex.dev/integrations/cli.md): Manage agents, grants, audit logs, and more from your terminal. - [Conformance Suite](https://docs.grantex.dev/integrations/conformance.md): Validate that your Grantex server implementation is spec-compliant with automated black-box testing. - [Conformance Results](https://docs.grantex.dev/integrations/conformance-results.md): Latest conformance test results for the Grantex production server. - [CrewAI](https://docs.grantex.dev/integrations/crewai.md): Scope-enforced, audited agent tools for CrewAI. - [DPDP & GDPR Compliance](https://docs.grantex.dev/integrations/dpdp.md): India DPDP Act 2023 and EU GDPR compliance module for AI agent deployments — consent records, purpose limitation, grievances, and audit exports. - [Express.js](https://docs.grantex.dev/integrations/express.md): Grant token verification and scope-based authorization middleware for Express.js. - [FastAPI](https://docs.grantex.dev/integrations/fastapi.md): Grant token verification and scope-based authorization for FastAPI using dependency injection. - [Grantex Gateway](https://docs.grantex.dev/integrations/gateway.md): Zero-code reverse-proxy that enforces grant tokens in front of any API. - [Gemma 4 (On-Device)](https://docs.grantex.dev/integrations/gemma.md): Offline authorization for Gemma 4 on-device AI agents — consent bundles, JWT verification, and tamper-evident audit logging without network calls. - [Google ADK](https://docs.grantex.dev/integrations/google-adk.md): Scope-enforced plain function tools for Google Agent Development Kit. - [LangChain](https://docs.grantex.dev/integrations/langchain.md): Scope-enforced tools and automatic audit logging for LangChain agents. - [MCP Server](https://docs.grantex.dev/integrations/mcp.md): Use Grantex from Claude Desktop, Cursor, or Windsurf via the Model Context Protocol. - [MCP Auth Server](https://docs.grantex.dev/integrations/mcp-auth.md): Drop-in OAuth 2.1 + PKCE authorization server for any MCP server. Powered by Grantex. - [OpenAI Agents SDK](https://docs.grantex.dev/integrations/openai-agents.md): Scope-enforced FunctionTool wrappers for the OpenAI Agents SDK. - [Integrations](https://docs.grantex.dev/integrations/overview.md): Grantex integrates with every major AI agent framework. - [Trust Registry](https://docs.grantex.dev/integrations/registry.md): Public directory of verified AI agent publishers with DID-based identity and compliance badges. - [Vercel AI SDK](https://docs.grantex.dev/integrations/vercel-ai.md): Scope-enforced tools and audit logging for Vercel AI SDK agents. - [x402 Payment Protocol](https://docs.grantex.dev/integrations/x402.md): Agent spend authorization for x402 payment flows — Grantex Delegation Tokens for AI agents paying with USDC on Base L2. - [Introduction](https://docs.grantex.dev/introduction.md): Grantex is the open delegated authorization protocol for AI agents — what OAuth 2.0 is to humans, Grantex is to agents. - [Local Development](https://docs.grantex.dev/local-development.md): Run the full Grantex stack locally with Docker Compose. - [Changelog](https://docs.grantex.dev/protocol/changelog.md): All notable changes to the Grantex project. - [Protocol Specification](https://docs.grantex.dev/protocol/specification.md): Grantex Protocol Specification v1.0 — the full normative document. - [Quickstart](https://docs.grantex.dev/quickstart.md): Get up and running with Grantex in under 5 minutes. - [Gemma 4 SDK](https://docs.grantex.dev/sdks/gemma.md): Complete API reference for @grantex/gemma — offline authorization for Gemma 4 on-device agents. TypeScript and Python. - [Agents](https://docs.grantex.dev/sdks/go/agents.md): Register and manage AI agents - [Anomalies](https://docs.grantex.dev/sdks/go/anomalies.md): Detect and manage security anomalies - [Audit](https://docs.grantex.dev/sdks/go/audit.md): Log and query tamper-evident audit entries - [Authorization](https://docs.grantex.dev/sdks/go/authorization.md): Create authorization requests and manage the consent flow - [Billing](https://docs.grantex.dev/sdks/go/billing.md): Manage subscriptions and billing - [Budgets](https://docs.grantex.dev/sdks/go/budgets.md): Allocate per-grant spending budgets, debit usage, check balances, and view transaction history - [Compliance](https://docs.grantex.dev/sdks/go/compliance.md): Generate compliance reports and evidence packs - [Credentials](https://docs.grantex.dev/sdks/go/credentials.md): Retrieve, verify, and present W3C Verifiable Credentials and SD-JWT selective disclosures - [Domains](https://docs.grantex.dev/sdks/go/domains.md): Register and verify custom domains for your Grantex account via DNS TXT records. - [Error Handling](https://docs.grantex.dev/sdks/go/errors.md): Error types and handling patterns - [Events](https://docs.grantex.dev/sdks/go/events.md): Subscribe to real-time authorization events via Server-Sent Events - [Grants](https://docs.grantex.dev/sdks/go/grants.md): Manage authorization grants and delegation - [Offline Verification](https://docs.grantex.dev/sdks/go/offline-verification.md): Verify grant tokens locally using JWKS without API calls - [Go SDK](https://docs.grantex.dev/sdks/go/overview.md): Official Go SDK for the Grantex delegated authorization protocol - [Passports](https://docs.grantex.dev/sdks/go/passports.md): Issue, retrieve, revoke, and list AgentPassportCredentials for MPP agent identity - [PKCE](https://docs.grantex.dev/sdks/go/pkce.md): Proof Key for Code Exchange (S256) for enhanced security - [Policies](https://docs.grantex.dev/sdks/go/policies.md): Create and manage access policies - [Principal Sessions](https://docs.grantex.dev/sdks/go/principal-sessions.md): Create end-user dashboard sessions - [SCIM](https://docs.grantex.dev/sdks/go/scim.md): SCIM 2.0 user provisioning - [SSO (OIDC + SAML + LDAP)](https://docs.grantex.dev/sdks/go/sso.md): Enterprise single sign-on with multi-IdP connections, SAML 2.0, OIDC, LDAP, JIT provisioning, and domain-based enforcement using the Grantex Go SDK. - [Tokens](https://docs.grantex.dev/sdks/go/tokens.md): Exchange, refresh, verify, and revoke grant tokens - [Usage](https://docs.grantex.dev/sdks/go/usage.md): Track API usage metrics for the current billing period and view historical usage - [Vault](https://docs.grantex.dev/sdks/go/vault.md): Store, retrieve, and exchange encrypted service credentials through the Grantex credential vault - [WebAuthn](https://docs.grantex.dev/sdks/go/webauthn.md): Register and manage FIDO2/WebAuthn passkey credentials for end-users - [Webhooks](https://docs.grantex.dev/sdks/go/webhooks.md): Manage webhook endpoints and verify signatures - [Agents](https://docs.grantex.dev/sdks/python/agents.md): Register, retrieve, update, list, and delete AI agents using the Grantex Python SDK. - [Anomaly Detection](https://docs.grantex.dev/sdks/python/anomalies.md): Detect, list, and acknowledge authorization anomalies using the Grantex Python SDK. - [Audit](https://docs.grantex.dev/sdks/python/audit.md): Log, query, and retrieve tamper-evident audit entries for agent actions using the Grantex Python SDK. - [Authorization](https://docs.grantex.dev/sdks/python/authorization.md): Initiate the delegated authorization flow to request permissions from a user on behalf of an AI agent. - [Billing](https://docs.grantex.dev/sdks/python/billing.md): Manage subscriptions, create checkout sessions, and access the billing portal with the Grantex Python SDK. - [Budgets](https://docs.grantex.dev/sdks/python/budgets.md): Allocate per-grant spending budgets, debit usage, check balances, and view transaction history. - [Compliance](https://docs.grantex.dev/sdks/python/compliance.md): Generate compliance summaries, export grants and audit data, and produce SOC 2/GDPR evidence packs with the Grantex Python SDK. - [Credentials](https://docs.grantex.dev/sdks/python/credentials.md): Retrieve, verify, and present W3C Verifiable Credentials and SD-JWT selective disclosures. - [Domains](https://docs.grantex.dev/sdks/python/domains.md): Register and verify custom domains for your Grantex account via DNS TXT records. - [Enforce](https://docs.grantex.dev/sdks/python/enforce.md): Check whether an agent's grant token permits a specific tool call. Load manifests, call enforce(), and wrap LangChain tools. - [Error Handling](https://docs.grantex.dev/sdks/python/errors.md): Handle API errors, authentication failures, token verification errors, and network issues in the Grantex Python SDK. - [Events](https://docs.grantex.dev/sdks/python/events.md): Subscribe to real-time authorization events via Server-Sent Events. - [Grants](https://docs.grantex.dev/sdks/python/grants.md): Retrieve, list, revoke, delegate, and verify grants using the Grantex Python SDK. - [Offline Verification](https://docs.grantex.dev/sdks/python/offline-verification.md): Verify Grantex grant tokens offline using published JWKS without calling the Grantex API. - [Python SDK](https://docs.grantex.dev/sdks/python/overview.md): Install and configure the Grantex Python SDK for delegated authorization of AI agents. - [Passports](https://docs.grantex.dev/sdks/python/passports.md): Issue, retrieve, revoke, and list AgentPassportCredentials for MPP agent identity. - [PKCE](https://docs.grantex.dev/sdks/python/pkce.md): Use Proof Key for Code Exchange (PKCE) to secure the authorization flow against code interception attacks. - [Policies](https://docs.grantex.dev/sdks/python/policies.md): Create, manage, and enforce authorization policies for fine-grained access control with the Grantex Python SDK. - [Principal Sessions](https://docs.grantex.dev/sdks/python/principal-sessions.md): Generate session tokens for end-users to view and manage their agent permissions. - [SCIM 2.0](https://docs.grantex.dev/sdks/python/scim.md): Provision and manage users via SCIM 2.0, and manage SCIM bearer tokens with the Grantex Python SDK. - [SSO (OIDC + SAML + LDAP)](https://docs.grantex.dev/sdks/python/sso.md): Enterprise single sign-on with multi-IdP connections, SAML 2.0, OIDC, LDAP, JIT provisioning, and domain-based enforcement using the Grantex Python SDK. - [Tokens](https://docs.grantex.dev/sdks/python/tokens.md): Exchange authorization codes for grant tokens, verify tokens online, and revoke tokens. - [Usage](https://docs.grantex.dev/sdks/python/usage.md): Track API usage metrics for the current billing period and view historical usage. - [Vault](https://docs.grantex.dev/sdks/python/vault.md): Store, retrieve, and exchange encrypted service credentials through the Grantex credential vault. - [WebAuthn](https://docs.grantex.dev/sdks/python/webauthn.md): Register and manage FIDO2/WebAuthn passkey credentials for end-users. - [Webhooks](https://docs.grantex.dev/sdks/python/webhooks.md): Register webhook endpoints, receive event notifications, and verify webhook signatures with the Grantex Python SDK. - [Agents](https://docs.grantex.dev/sdks/typescript/agents.md): Register, list, update, and delete AI agents with the Grantex TypeScript SDK. - [Anomaly Detection](https://docs.grantex.dev/sdks/typescript/anomalies.md): Detect, list, and acknowledge anomalous agent behavior patterns. - [Audit](https://docs.grantex.dev/sdks/typescript/audit.md): Log agent actions and query the tamper-evident audit trail. - [Authorization](https://docs.grantex.dev/sdks/typescript/authorization.md): Initiate the delegated authorization flow to request user consent for your agent. - [Billing](https://docs.grantex.dev/sdks/typescript/billing.md): Manage subscriptions and access Stripe checkout and billing portal sessions. - [Budgets](https://docs.grantex.dev/sdks/typescript/budgets.md): Allocate per-grant spending budgets, debit usage, check balances, and view transaction history. - [Compliance](https://docs.grantex.dev/sdks/typescript/compliance.md): Generate compliance summaries, export grants and audit data, and produce evidence packs for SOC 2 and GDPR. - [Credentials](https://docs.grantex.dev/sdks/typescript/credentials.md): Retrieve, verify, and present W3C Verifiable Credentials and SD-JWT selective disclosures. - [Domains](https://docs.grantex.dev/sdks/typescript/domains.md): Register and verify custom domains for your Grantex account via DNS TXT records. - [Enforce](https://docs.grantex.dev/sdks/typescript/enforce.md): Check whether an agent's grant token permits a specific tool call. Load manifests, call enforce(), and wrap LangChain tools. - [Error Handling](https://docs.grantex.dev/sdks/typescript/errors.md): Understand the error hierarchy and handle API, authentication, token, and network errors. - [Events](https://docs.grantex.dev/sdks/typescript/events.md): Subscribe to real-time authorization events via Server-Sent Events. - [Grants](https://docs.grantex.dev/sdks/typescript/grants.md): Manage grants, delegate authorization to sub-agents, and verify tokens via the API. - [Offline Verification](https://docs.grantex.dev/sdks/typescript/offline-verification.md): Verify grant tokens locally using the published JWKS endpoint -- no Grantex API dependency at runtime. - [TypeScript SDK](https://docs.grantex.dev/sdks/typescript/overview.md): Install, configure, and get started with the @grantex/sdk TypeScript SDK. - [Passports](https://docs.grantex.dev/sdks/typescript/passports.md): Issue, retrieve, revoke, and list AgentPassportCredentials for MPP agent identity. - [PKCE](https://docs.grantex.dev/sdks/typescript/pkce.md): Protect the authorization flow with Proof Key for Code Exchange (PKCE) using S256 challenges. - [Policies](https://docs.grantex.dev/sdks/typescript/policies.md): Define allow/deny authorization policies to control agent access. - [Principal Sessions](https://docs.grantex.dev/sdks/typescript/principal-sessions.md): Generate session tokens for end-users to view and manage their agent permissions. - [SCIM 2.0](https://docs.grantex.dev/sdks/typescript/scim.md): Provision and manage users via the SCIM 2.0 protocol, and manage SCIM bearer tokens. - [SSO (OIDC + SAML + LDAP)](https://docs.grantex.dev/sdks/typescript/sso.md): Enterprise single sign-on with multi-IdP connections, SAML 2.0, OIDC, LDAP, JIT provisioning, and domain-based enforcement. - [Tokens](https://docs.grantex.dev/sdks/typescript/tokens.md): Exchange authorization codes for grant tokens, verify tokens online, and revoke them. - [Usage](https://docs.grantex.dev/sdks/typescript/usage.md): Track API usage metrics for the current billing period and view historical usage. - [WebAuthn](https://docs.grantex.dev/sdks/typescript/webauthn.md): Register and manage FIDO2/WebAuthn passkey credentials for end-users. - [Webhooks](https://docs.grantex.dev/sdks/typescript/webhooks.md): Receive real-time notifications for grant and token lifecycle events. - [Security Audit Report](https://docs.grantex.dev/security/audit-report.md): Third-party security assessment by Vestige Security Labs (February 2026). - [Security Policy](https://docs.grantex.dev/security/overview.md): Supported versions, vulnerability reporting, and coordinated disclosure. - [SOC 2 Type I Report](https://docs.grantex.dev/security/soc2-report.md): SOC 2 Type I examination report for the Grantex Delegated Authorization Platform. ## OpenAPI Specs - [openapi](https://docs.grantex.dev/openapi.yaml)