Skip to main content

Overview

The passports client manages AgentPassportCredentials — W3C VC 2.0 credentials that bind agent identity, human delegation, and spending limits for machine payment flows. Access the passports client via client.passports.

Issue

Issue a new AgentPassportCredential for an agent with an active grant. 
from grantex import Grantex, IssuePassportParams, MaxTransactionAmount

with Grantex(api_key="gx_live_...") as client:
    passport = client.passports.issue(IssuePassportParams(
        agent_id="ag_01HXYZ...",
        grant_id="grnt_01HXYZ...",
        allowed_mpp_categories=["inference", "compute"],
        max_transaction_amount=MaxTransactionAmount(amount=50, currency="USDC"),
        payment_rails=["tempo"],
        expires_in="24h",
    ))

    print(f"Passport ID: {passport.passport_id}")
    print(f"Encoded: {passport.encoded_credential}")
    print(f"Expires: {passport.expires_at}")

IssuePassportParams

ParameterTypeRequiredDescription
agent_idstrYesGrantex agent ID (ag_...).
grant_idstrYesActive grant ID (grnt_...).
allowed_mpp_categorieslist[str]YesMPP categories: inference, compute, data, etc.
max_transaction_amountMaxTransactionAmountYesMax per-transaction amount with currency.
payment_railslist[str] | NoneNoPayment networks (default: ["tempo"]).
expires_instr | NoneNoExpiry duration (e.g., "24h"). Max: "720h".
parent_passport_idstr | NoneNoParent passport ID for delegated sub-agent passports.

IssuedPassportResponse

FieldTypeDescription
passport_idstrurn:grantex:passport:<ulid>
credentialdict[str, Any]Full AgentPassportCredential JSON.
encoded_credentialstrBase64url-encoded credential for headers.
expires_atstrISO 8601 expiry timestamp.

Errors

CodeHTTPCause
INVALID_AGENT400Agent not found or not owned by developer.
INVALID_GRANT400Grant not found, revoked, or not owned by agent.
SCOPE_INSUFFICIENT400Grant missing required payments:mpp:* scopes.
AMOUNT_EXCEEDS_BUDGET400Max amount exceeds remaining budget allocation.
INVALID_EXPIRY422Expiry exceeds 720 hours.

Get

Retrieve a passport by ID. Returns the current status and raw data. 
from grantex import Grantex

with Grantex(api_key="gx_live_...") as client:
    record = client.passports.get("urn:grantex:passport:01HXYZ...")

    print(f"Status: {record.status}")  # "active" | "revoked" | "expired"

Parameters

ParameterTypeRequiredDescription
passport_idstrYesThe passport URN identifier.

GetPassportResponse

FieldTypeDescription
statusstrCurrent status: active, revoked, or expired.
rawdict[str, Any]Full raw response data.

Revoke

Revoke a passport immediately. Flips the StatusList2021 bit so offline verifiers see the revocation. 
from grantex import Grantex

with Grantex(api_key="gx_live_...") as client:
    result = client.passports.revoke("urn:grantex:passport:01HXYZ...")

    print(f"Revoked: {result.revoked}")      # True
    print(f"Revoked at: {result.revoked_at}") # "2026-03-20T03:14:15.261Z"

Parameters

ParameterTypeRequiredDescription
passport_idstrYesThe passport URN identifier.

RevokePassportResponse

FieldTypeDescription
revokedboolAlways True on success.
revoked_atstrISO 8601 revocation timestamp.

List

List passports with optional filters. Returns a bare array from the API. 
from grantex import Grantex, ListPassportsParams

with Grantex(api_key="gx_live_...") as client:
    result = client.passports.list(ListPassportsParams(
        agent_id="ag_01HXYZ...",
        status="active",
    ))

    for p in result.passports:
        print(f"{p.passport_id} expires {p.expires_at}")

ListPassportsParams

ParameterTypeRequiredDescription
agent_idstr | NoneNoFilter by agent ID.
grant_idstr | NoneNoFilter by grant ID.
statusstr | NoneNoFilter by status: active, revoked, expired.

ListPassportsResponse

FieldTypeDescription
passportstuple[IssuedPassportResponse, ...]Matching passport records.