Guide

How to verify AI agent JWTs

Honor only the requests that carry a valid, in-scope, unexpired agent token.

Agents authenticate to your API with short-lived tokens. To trust a request, you need to verify the token’s signature, the agent’s identity, the granted scope, and that it hasn’t expired. MudraID issues these short-lived tokens and gives you the means to verify them.

What to verify on every request

Signature — the token is genuine and untampered.
Identity — which agent, and the principal it acts for.
Scope — the action requested is within what was delegated.
Freshness — the short-lived token is still valid and not revoked.

MudraID performs this signature, identity, and scope verification in real time, and records the outcome in an append-only audit trail.

Build it with MudraID

Explore the platform features, see pricing (free to test, pay in production), or talk to us. Ready to start? Request access.