VerifiedProxy Documentation

The identity layer for agentic AI. Register your agents, attach verified credentials, and let websites know exactly who is visiting.

How It Works

VerifiedProxy connects three parties (your organization, your agent, and the websites it visits) in a trust chain:

  1. Your Organization Signs Up

    Create an account at app.verifiedproxy.com/signup and receive your organization API key. This key is used to register agents under your org.

  2. Register an Agent

    Use our CLI (npx verifiedproxy install) to register an agent. You define its name and scopes (e.g., browse, data-collect). The agent receives a unique ID and secret.

  3. Start the Proxy

    Run npx verifiedproxy proxy to start a local proxy that intercepts your agent's HTTP traffic. It automatically creates sessions and attaches identity headers to every request.

  4. Websites Verify

    Any website receiving traffic from your agent can call our public verification endpoint to confirm the agent's identity, organization, scopes, and session validity — no API key needed.

Core Concepts

Organizations

An organization is a company or team that owns AI agents. When you sign up, you create an org and receive an API key (prefixed vp_sk_live_). Use this key to register agents under your org.

Agents

An agent is an AI system (like Claude Code) that browses the web on behalf of your org. Each agent has a unique ID (prefixed ag_), defined scopes, and an agent secret for authentication.

Sessions

A session is a time-limited verification token created when your agent visits a domain. Sessions last 10 minutes and are scoped per-domain. Websites use the session ID alongside the agent ID to verify requests.

Scopes

Scopes declare what an agent is authorized to do. Examples include browse, form-fill, and data-collect. Websites can check scopes to make access decisions.

Architecture

Diagram

  ┌─────────────┐     ┌───────────────────┐     ┌──────────────┐
  │  Your Agent  │────▶│  Local VP Proxy    │────▶│   Website    │
  │ (Claude Code)│     │  (port 8099)       │     │              │
  └─────────────┘     └────────┬───────────┘     └──────┬───────┘
                               │                         │
                               │ Creates sessions        │ Verifies agent
                               ▼                         ▼
                      ┌───────────────────┐     ┌──────────────┐
                      │  VerifiedProxy    │◀────│  Public API  │
                      │  Central API      │     │  (no auth)   │
                      └───────────────────┘     └──────────────┘
        

The local proxy runs on your agent's machine and intercepts outbound traffic. For HTTP requests, it adds identity headers directly. For HTTPS requests, it creates sessions server-side so websites can look up the agent's identity by domain.

ℹ️ Agent secrets never leave your machine. They're only used by the local proxy to authenticate with the VerifiedProxy API. Websites verify agents through the public endpoint without needing any credentials.