Now in Private Beta

Your CAPTCHA is blocking agents that want to buy things from you

Credential is a drop-in CAPTCHA replacement that lets good agents in while still blocking the bad guys.

Request Access View Documentation
01

Verify identity

User proves to us who they are

02

Token issued

Agent gets cryptographic credential

03

Present on request

Agent shows proof at your site

04

Risk profile returned

You decide: allow, challenge, or block

How It Works

Cryptographic proof, not friction

Users verify their identity once. Their agents carry cryptographic credentials that link back to real people you can contact and hold accountable.

1

User Verification

Users prove their identity once through our verification flow. Standard OAuth, or KYC-level verification for high-security use cases.

2

Credential Issuance

We issue cryptographic credentials to their agents—unforgeable proof that the bot is authorized by a verified human.

3

Challenge & Verify

Your site challenges incoming requests. Valid credentials pass instantly. No puzzles, no delays for legitimate agents.

4

Abuse Reporting

Report bad actors back to the network. Abuse by one agent affects credentials across all sites for accountability at scale.

Features

Built for the agent economy

Everything you need to welcome AI agents while maintaining control.

Zero Friction

Legitimate agents verify in milliseconds. No puzzles, no waiting. Humans and bots both get seamless access.

Network Effects

When one site reports abuse, the entire network is protected. Bad actors can't just move to a different target.

Real Identity

Get the name, email, and phone of the human behind every agent. Real accountability, not anonymous tokens.

KYC Tiers

Basic email verification or full KYC—you decide what level of accountability your use case requires.

Drop-in SDK

One line to protect an endpoint. Works with any stack—JavaScript, Python, Go, Ruby, and more.

Analytics Dashboard

See exactly who's accessing your site—verified humans, legitimate agents, and blocked threats.

// Protect any endpoint in one line
import { credential } from '@credential/sdk';

app.post('/api/checkout', 
  credential.verify(),
  async (req, res) => {
    // Only verified agents reach here
    const { userEmail, userPhone, agentEmail } = req.credential;
    
    // Process the request...
    await processCheckout(req.body);
    
    res.json({ success: true });
});

// Report abuse when it happens
credential.report(req.credential, {
  reason: 'credit_card_testing',
  severity: 'high'
});

Integrate in minutes, not weeks

Our SDK handles the cryptographic verification. You just wrap your endpoints and decide what level of trust you require.

Works with Express, Fastify, Hono, and more
Python, Go, and Ruby SDKs available
Edge-compatible for Cloudflare Workers
Under 5KB gzipped, zero dependencies

Ready to welcome the agents?

Join the private beta and help shape the future of identity for AI.

Request Beta Access