Embeddable widget · v0.1.0
Two APIs from one script tag. Web component for frameworks, data-attribute for plain HTML.
Each badge makes one POST to verify.agentpki.dev
and renders the verdict — verified, revoked, or unverified. Shadow DOM, no global CSS leaks.
2.7 KB gzipped. SRI-pinned.
Clean DOM API. Works with React (use className), Vue, Svelte, Astro, plain HTML. Re-renders when the token attribute changes.
<script src="https://agentpki.dev/v1/widget.min.js"
integrity="sha256-k5US28lf24FnrIl/YtdxLEBc1CVGxHsHsg/Pu6ECt+4="
crossorigin="anonymous" async></script>
<agentpki-verify token="v4.public.AAAA.BBBB"></agentpki-verify>
Attributes: token (required), size (small / medium / large), theme (light / dark / auto).
Click "Mint demo token" — every badge below verifies the same freshly-minted token against the live verifier. Try "Mint revoked token" to watch them all flip to red.
theme="light"
theme="dark"
For when you can't use custom elements (older marketing pages, CMS templates, hand-written HTML). Same widget, plain <div>.
<div data-agentpki-verify="v4.public.AAAA.BBBB"
data-agentpki-size="large"
data-agentpki-theme="auto"></div>
<script src="https://agentpki.dev/v1/widget.min.js" async></script>Auto-discovers new badges (MutationObserver), so SPAs that inject DOM after load work too.
Three URLs depending on your update appetite:
/v1/widget.min.js latest stable, 1-hour cache Patch fixes land here automatically. Use for marketing sites.
/v1/widget-v0.1.0.min.js immutable, 1-year cache Pin this. Cryptographically identical bytes forever. Pair with SRI for vendor compliance.
/widget.js readable source Unminified, commented. Use during development to read what it does.
SRI hash · v0.1.0
sha256-k5US28lf24FnrIl/YtdxLEBc1CVGxHsHsg/Pu6ECt+4=