APIS v2.0 Standard

The Agent Passport Issuance Standard defines verifiable agent legal identity, realm-scoped DIDs, hardware trust anchors, mandates, and revocation.

What is APIS?

APIS v2.0 is the current canonical Passport Alliance standard for autonomous AI agents. It supersedes APIS v1.0 and adds Machine Passports, TPM 2.0 and vTPM trust anchors, DNSSEC-anchored identity, software trust tiers, and APIS-APP automated provisioning.

What APIS Is

  • A standard for verifiable credentials tied to agent identity
  • A framework for explicit authorization scopes and mandates
  • A revocation mechanism based on status checks and monotonic nonce increments
  • A delegation chain linking agents back to authorizing principals
  • A trust-tier model spanning physical TPM, virtual TPM, DNSSEC, software HSM, and development keys

What APIS Is Not

  • Not an authentication protocol for human users
  • Not a replacement for OAuth 2.0 or OpenID Connect
  • Not a blockchain or specific cryptocurrency technology
  • Not a proprietary vendor solution

Core Components

Credentials

Agent Passports and Machine Passports issued by recognized Realm Issuers. Passports bind keys, principals, mandates, DIDs, trust tiers, issuer metadata, and validity periods.

Mandates

Principal-signed authorization documents that define the delegate relationship, permitted actions, authority boundaries, and operating conditions.

Signatures

Cryptographic signatures that bind credentials and mandates together, ensuring non-repudiation and enabling verifiers to validate the entire trust chain.

Revocation

Issuer status endpoints and nonce increments allow verifiers to reject stale credentials or signed actions immediately after suspension or revocation.
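
A verifier-side sketch of the revocation check described above, added here as an example and not taken from the APIS specification. The record shapes, field names and status values are assumptions, and the signatures on both the action and the status response are assumed to have been verified already.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class StatusResponse:          # hypothetical shape of an issuer status reply
    passport_id: str
    status: str                # assumed values: "active", "suspended", "revoked"
    nonce: int                 # issuer's current nonce for this passport

@dataclass(frozen=True)
class SignedAction:            # hypothetical action signed under a passport
    passport_id: str
    nonce: int                 # nonce the agent held when it signed

class RevocationChecker:
    """Keeps the highest issuer nonce seen per passport (verifier state)."""

    def __init__(self) -> None:
        self._high_water = {}

    def check(self, action: SignedAction,
              status: Optional[StatusResponse]) -> Tuple[bool, str]:
        if status is None:
            return False, "no status"              # fail closed if issuer unreachable
        if status.passport_id != action.passport_id:
            return False, "wrong passport"
        seen = self._high_water.get(action.passport_id, 0)
        if status.nonce < seen:
            # Nonces only increase, so a lower value is a replayed or stale reply.
            return False, "status rolled back"
        self._high_water[action.passport_id] = status.nonce
        if status.status != "active":
            return False, "passport " + status.status
        if action.nonce < status.nonce:
            return False, "stale nonce"            # signed before the last increment
        if action.nonce > status.nonce:
            return False, "unknown nonce"          # issuer never issued this value
        return True, "ok"

def demo():
    """Constructed sample sequence for one passport, 'pp-1'."""
    c = RevocationChecker()
    act = SignedAction("pp-1", 3)
    return [
        c.check(act, StatusResponse("pp-1", "active", 3)),   # current nonce
        c.check(act, StatusResponse("pp-1", "active", 4)),   # issuer incremented
        c.check(act, StatusResponse("pp-1", "active", 3)),   # old reply replayed
        c.check(act, StatusResponse("pp-1", "revoked", 5)),  # passport revoked
        c.check(act, None),                                  # issuer unreachable
    ]
```

The high-water mark is what makes the increment monotonic from the verifier's side: once a higher nonce has been observed, an earlier "active" reply cannot be replayed to revive a stale action.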

Hardware Trust Anchors

APIS v2.0 records the strength of the underlying key custody environment, from Tier 1 physical TPM 2.0 to Tier 4 development keys.

Read the Full Specification

Access the canonical APIS v2.0 publication and implementation guidance.
