{ "info": { "_postman_id": "agentpki-collection-v1", "name": "AgentPKI", "description": "Cryptographic identity infrastructure for AI agents. Every public endpoint across the AgentPKI verifier, demo issuer, claim API, snapshot store, abuse pipeline, and heuristic check.\n\n**Quick start:** every request uses the environment variables `verifier`, `demo_issuer`, and `marketing_base` (pre-set to the public defaults). Pick a request, hit Send.\n\n**Live demo:** [agentpki.dev/demo](https://agentpki.dev/demo)\n**Spec:** [agentpki.dev/spec/v0.2](https://agentpki.dev/spec/v0.2)\n**API docs:** [agentpki.dev/api-docs](https://agentpki.dev/api-docs)\n**OpenAPI source:** [agentpki.dev/openapi.yaml](https://agentpki.dev/openapi.yaml)", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json" }, "variable": [ { "key": "verifier", "value": "https://verify.agentpki.dev", "type": "string" }, { "key": "demo_issuer", "value": "https://demo.agentpki.dev", "type": "string" }, { "key": "marketing_base", "value": "https://agentpki.dev", "type": "string" }, { "key": "sample_token", "value": "", "type": "string", "description": "Populated by the 'Mint demo passport' request's test script — chain mint → verify by running mint first." } ], "item": [ { "name": "1 · Mint (demo issuer)", "description": "Issue PASETO v4.public tokens from the public demo issuer. Use these for testing — no auth required, no real identity claims.", "item": [ { "name": "Mint demo passport", "event": [ { "listen": "test", "script": { "exec": [ "// Save the minted token into the collection variable so the next Verify request can use it.", "const body = pm.response.json();", "if (body.token) {", " pm.collectionVariables.set('sample_token', body.token);", " console.log('Saved token to {{sample_token}}:', body.token.slice(0, 30) + '...');", "}", "pm.test('verdict is allow when verified', function () {", " pm.expect(pm.response.code).to.eql(200);", " pm.expect(body).to.have.property('token');", "});" ], "type": "text/javascript" } } ], "request": { "method": "GET", "url": { "raw": "{{demo_issuer}}/mint?scope=read:articles&sub=agent:postman/v1", "host": ["{{demo_issuer}}"], "path": ["mint"], "query": [ { "key": "scope", "value": "read:articles", "description": "Optional capability scope" }, { "key": "sub", "value": "agent:postman/v1", "description": "Optional agent identifier" } ] } } }, { "name": "Mint passport with REVOKED key (for testing deny)", "request": { "method": "GET", "url": { "raw": "{{demo_issuer}}/mint?revoked=1", "host": ["{{demo_issuer}}"], "path": ["mint"], "query": [{ "key": "revoked", "value": "1", "description": "Sign with the rotated kid that is listed in the issuer's CRL" }] }, "description": "Returns a token signed with `kid: demo-2026-q1-rotated`. The signature is mathematically valid — but verifying this token gives `verdict: deny, failure_reason: revoked_key`." } } ] }, { "name": "2 · Verify", "description": "Hand any PASETO v4.public token to the live verifier. Sub-50ms p99 globally.", "item": [ { "name": "Verify a token", "event": [ { "listen": "test", "script": { "exec": [ "const body = pm.response.json();", "pm.test('response shape', function () {", " pm.expect(body).to.have.property('verdict');", " pm.expect(['allow', 'deny']).to.include(body.verdict);", " pm.expect(body).to.have.property('verifier_id');", " pm.expect(body).to.have.property('elapsed_ms');", "});" ], "type": "text/javascript" } } ], "request": { "method": "POST", "header": [{ "key": "content-type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"token\": \"{{sample_token}}\"\n}" }, "url": { "raw": "{{verifier}}/v1/verify", "host": ["{{verifier}}"], "path": ["v1", "verify"] }, "description": "After running 'Mint demo passport' once, the token populates `{{sample_token}}` automatically — this Verify request then just works." } } ] }, { "name": "3 · Abuse reporting", "description": "Receiving sites submit reports about bad-actor passports. Aggregated by `(issuer, kid, jti)` in KV; downstream verifiers see the rolled-up score on subsequent /v1/verify calls.", "item": [ { "name": "Report abuse", "request": { "method": "POST", "header": [{ "key": "content-type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"token\": \"{{sample_token}}\",\n \"category\": \"scrape_excess\",\n \"detail\": \"Hit our /search endpoint 4200 times in 60s\",\n \"reporter_url\": \"https://example.com\"\n}" }, "url": { "raw": "{{verifier}}/v1/abuse", "host": ["{{verifier}}"], "path": ["v1", "abuse"] } } } ] }, { "name": "4 · Snapshots (shareable verification results)", "description": "Persist a verification result, share it via permalink. Powers `agentpki.dev/check/result/` URLs.", "item": [ { "name": "Store a verification snapshot", "request": { "method": "POST", "header": [{ "key": "content-type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"input\": \"{{sample_token}}\",\n \"result\": {\n \"verdict\": \"allow\",\n \"verifier_id\": \"agentpki-verifier-edge\",\n \"elapsed_ms\": 240\n },\n \"ttl_seconds\": 86400\n}" }, "url": { "raw": "{{verifier}}/v1/verification/store", "host": ["{{verifier}}"], "path": ["v1", "verification", "store"] } } }, { "name": "Fetch a verification snapshot", "request": { "method": "GET", "url": { "raw": "{{verifier}}/v1/verification/REPLACE_WITH_ID", "host": ["{{verifier}}"], "path": ["v1", "verification", "REPLACE_WITH_ID"] }, "description": "Replace `REPLACE_WITH_ID` in the URL with the ID returned by the Store request." } } ] }, { "name": "5 · Heuristic check", "description": "Domain reputation check against a 5,000-domain phishing list (PhishStats + OpenPhish + URLhaus, refreshed daily).", "item": [ { "name": "Heuristic check on URL or token", "request": { "method": "POST", "header": [{ "key": "content-type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"input\": \"https://example.com/api/articles/123\"\n}" }, "url": { "raw": "{{verifier}}/v1/heuristic", "host": ["{{verifier}}"], "path": ["v1", "heuristic"] } } } ] }, { "name": "6 · Issuer directory + CRL", "description": "Standard issuer directory at .well-known. Lists current_keys, revoked_keys, contact info.", "item": [ { "name": "Fetch demo issuer directory", "request": { "method": "GET", "url": { "raw": "{{demo_issuer}}/.well-known/agentpki-issuer.json", "host": ["{{demo_issuer}}"], "path": [".well-known", "agentpki-issuer.json"] } } } ] }, { "name": "7 · Bootstrap claim (one-shot signup)", "description": "Convenience flow used by the bootstrap script. Derives a per-email demo subdomain, mints a passport, verifies it, stores the result — all in one round-trip.", "item": [ { "name": "Bootstrap claim", "request": { "method": "POST", "header": [{ "key": "content-type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"email\": \"you@example.com\"\n}" }, "url": { "raw": "{{marketing_base}}/api/v1/bootstrap-claim", "host": ["{{marketing_base}}"], "path": ["api", "v1", "bootstrap-claim"] } } } ] } ] }