Skip to main content

1. Install the SDK

This guide targets TypeScript 0.3.13, Python 0.3.14, Go v0.1.10 (which requires Go 1.26.1+), and MCP Auth 2.0.2. See Release Status for publication details and upgrade guidance.

2. Register your agent

Go SDK v0.1.10 expects an id response field while the current API returns agentId, so agent.ID is empty after registration. The Go example derives agentID from the stable did:grantex:<agentId> value until a corrected SDK release is published. Add strings to your imports.

3. Request authorization from a user

4. Exchange the code for a grant token

After the user approves, your redirect URI receives an authorization code. Exchange it for a signed grant token:

5. Verify token signatures and claims locally

Local verification retrieves or reuses the issuer’s JWKS and checks the token’s signature and claims. It does not prove current revocation unless the verifier performs an online state check or synchronizes revocation data.

6. Log every action

Go SDK v0.1.10 cannot send the current audit-log contract: its LogAuditParams omits the required agentDid and principalId fields. Use the CLI or call POST /v1/audit/log directly for this optional step until a corrected Go SDK release is published.

Next steps

Core Concepts

Learn about the three primitives: agent identity, delegated grants, and audit trails.

Local Development

Run the full stack locally with Docker Compose and sandbox mode.

TypeScript SDK

Full API reference for the TypeScript SDK.

Python SDK

Full API reference for the Python SDK.

Go SDK

Full API reference for the Go SDK.

CLI

83 commands with —json support for scripting and AI agents.
Last modified on July 12, 2026