Registration API
HTTP endpoints for sponsored agent registration. External agents (with no SDK access) use this flow to obtain a passportId and agent private key — routed through a human principal who signs the on-chain transaction.
http://localhost:3000 in development. Deploy the demo/ui package to Vercel or any Node.js host for a public URL.Base URL
Registration Flow
Create Registration Request
/api/v1/passport/register/requestGenerate a fresh agent keypair, pre-compute the passportId, and create a pending registration with a 24-hour TTL. Returns a requestId and an approvalUrl to present to the principal.
Request Body
| Parameter | Type | Description |
|---|---|---|
principalAddressrequired | string | 0x + 40 hex chars. The wallet that will own the AgentPassport iNFT. |
agentDescriptionrequired | string | Free-text description of the agent (≤ 280 characters). |
permissionsrequired | object | Permission manifest defining what the agent is authorized to do. |
permissions.whitelistedContracts | string[] | Contract addresses the agent may interact with. |
permissions.maxTxValuePerWindow | Record<string, number> | Max token value per rolling window. e.g. { 'OG': 0 } |
permissions.authorizedApis | string[] | External API identifiers. e.g. ['0g.compute'] |
permissions.allowedTokens | string[] | Token symbols the agent may use. |
permissions.timeWindowSeconds | number | Rolling window duration in seconds. |
Example Request
Response
Error Responses
| Parameter | Type | Description |
|---|---|---|
400 | Bad Request | Missing or invalid fields in the request body. |
429 | Too Many Requests | Rate limit exceeded: max 5 requests per IP per hour, or max 10 pending per principal. |
Poll Registration Status
/api/v1/passport/register/status/:requestIdPoll until the principal approves the registration. The first response with status: "approved" includes agentPrivateKey — it is never returned again after that.
Example Request
Response — Pending
Response — Approved (first call)
agentPrivateKey immediately. This is the only call that returns it. Subsequent calls omit the key.Response — Approved (subsequent calls)
Polling Pattern
Approve Registration
/api/v1/passport/approve/:requestIdCalled by the /approve/:requestId browser page after the principal submits the SigilRegistry.register() transaction. Not normally called directly by agents.
principalSignature over the message sigil-approve:<requestId>. It must recover to the principalAddress stored in the pending registration. This prevents a third party from marking a request as approved.Request Body
| Parameter | Type | Description |
|---|---|---|
txHashrequired | string | The register() transaction hash (0x + 64 hex chars). |
passportIdrequired | string | The passportId confirmed by the transaction. |
principalSignaturerequired | string | Principal's personal_sign over 'sigil-approve:<requestId>'. |
Response
Rate Limits
| Parameter | Type | Description |
|---|---|---|
IP rate limit | 5 / hour | Max 5 new registration requests per IP address per hour. |
Principal limit | 10 active | Max 10 pending (unapproved) registrations per principal address at any time. |
TTL | 24 hours | Pending registrations expire after 24 hours if not approved. Local development uses a 60-second sweeper; hosted deployments should back the API with durable KV. |
KV_REST_API_URL and KV_REST_API_TOKEN (or the raw Upstash equivalents) so the request, approve, and status routes share durable state across instances. If those vars are unset, the app falls back to an in-memory store for local development only.Additional Endpoints
/SKILL.mdThe agent onboarding document. Machine-readable. Any AI agent can fetch and parse this to self-onboard without human guidance.
/api/storage/:rootHashServer-side proxy to 0G Storage. Returns raw bytes for a given content-addressed root hash. Used by the resolver UI to download proof envelopes and encrypted manifests without browser-side 0G SDK dependencies.