# Conversint Agent Auth

Conversint's current public agent API is read-only and supports anonymous access for service discovery. Agents do not need an API key to call GET /api/services, GET /api/services/{id}, GET /openapi.json, or POST /api/mcp for public service metadata.

## Discover

Agents should discover auth requirements from https://conversint.ai/.well-known/oauth-protected-resource and the OpenAPI spec at https://conversint.ai/openapi.json.

## Pick a method

agent_auth supports anonymous access today. The supported identity type is anonymous. Future partner integrations may add identity_assertion support after a commercial agreement.

## Register

register_uri: https://conversint.ai/api/agent/auth/register

Anonymous public API callers do not need to register. The register endpoint is published for agent discovery and returns JSON guidance.

## Claim

claim_uri: https://conversint.ai/api/agent/auth/claim

There is no bearer token claim required for anonymous read-only service discovery.

## Use the credential

Call public endpoints directly. If a future protected endpoint returns 401, read the WWW-Authenticate Bearer resource_metadata value and follow the linked protected-resource metadata.

## Errors

API errors are JSON objects with error.code, error.message, and error.resolution fields when applicable.

## Revocation

revocation_uri: https://conversint.ai/api/agent/auth/revoke

No revocation is needed for anonymous public access. Partner credentials, if issued in the future, will be revocable through the published revocation URI.

## Spec Keywords

agent_auth, register_uri, identity_assertion, id-jag, WWW-Authenticate, anonymous.
