Skip to main content

Overview

The grants client manages authorization grants — the records that track which users have authorized which agents with which scopes. Grants also support delegation, where a parent agent can create a sub-grant for a child agent. Access the grants client via client.grants.

Get

Retrieve a single grant by its ID:

List

List grants with optional filters:

ListGrantsParams

ListGrantsResponse

Revoke

Revoke a grant by its ID. This immediately invalidates the grant and any tokens issued under it:

Delegate

Create a delegated sub-grant for a child agent. The sub-agent receives a subset of the parent grant’s scopes:

Parameters

All parameters are keyword-only.

Verify

Verify a grant token online against the Grantex API. The SDK uses the server-verified claims returned by POST /v1/grants/verify — it does not decode the caller-supplied token locally, so forged or tampered tokens are always rejected by the server before any claim is surfaced. Raises GrantexTokenError if the server reports the token as inactive (revoked, expired, or unknown):
Returns a VerifiedGrant dataclass. See Offline Verification for the full field reference.
For local signature-and-claim verification without the online revocation endpoint, use verify_grant_token(). The standalone helper still fetches the remote JWKS on every invocation.

Grant Type

The Grant frozen dataclass has the following fields:

Example: Delegation Chain

Last modified on July 11, 2026