Grantex lets humans authorize AI agents with verifiable, revocable, audited grants — an open protocol built on JWT and the OAuth 2.0 model.
Today's AI frameworks offer no standard way to authorize, audit, or revoke what agents do on behalf of humans.
Agents invoke APIs, read files, and send emails — with no verifiable proof that a human consented. If something goes wrong, there's no audit trail to follow.
Once an agent has a credential, revoking it requires hunting down every token manually. There's no standard for instant, cascading invalidation across sub-delegations.
Compliance requires knowing exactly what each agent did, when, and under whose authority. Without a tamper-evident audit trail, you're flying blind.
Four steps from consent to revocation, all enforced by cryptography.
Your app calls POST /v1/authorize with the agent ID, user ID, and requested scopes. Grantex returns a consent URL — redirect the user there.
The user sees exactly what the agent wants to do, described in plain English. One click — approved. The auth service issues a signed JWT grant token (RS256, JTI-tracked).
Present the token to any microservice. It verifies the RS256 signature against the public JWKS without a network round-trip, or calls POST /v1/tokens/verify for real-time revocation status.
Call POST /v1/tokens/revoke. The JTI is blocklisted in Redis immediately. All sub-delegated tokens derived from this grant are invalidated in the same operation.
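The difference between the two verification paths in step 3, once step 4 has happened, as an added example (not Grantex code or its SDK): a stdlib-only RS256 verifier that checks a grant token against a JWKS, then optionally consults a revocation set. The toy signing key, the `issue` helper, the claim names `scopes`, `jti` and `exp`, and the `revoked` set standing in for the blocklist behind POST /v1/tokens/verify are all assumptions made for the demo.

```python
import base64, hashlib, hmac, json, time

# Constructed toy RSA key from two Mersenne primes, so the demo needs no
# third-party library. Trivially factorable: never use outside this example.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8
DIGEST_INFO = bytes.fromhex("3031300d060960864801650304020105000420")  # SHA-256

def b64u(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def unb64u(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def emsa(msg, k):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(msg), the block an RS256 signer signs."""
    t = DIGEST_INFO + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def issue(claims, kid="demo-1"):
    """Stand-in for the auth service: sign a grant token with the toy key."""
    head = b64u(json.dumps({"alg": "RS256", "kid": kid}).encode())
    body = b64u(json.dumps(claims).encode())
    sig = pow(int.from_bytes(emsa(f"{head}.{body}".encode(), K), "big"), D, N)
    return f"{head}.{body}.{b64u(sig.to_bytes(K, 'big'))}"

JWKS = {"keys": [{"kty": "RSA", "kid": "demo-1",
                  "n": b64u(N.to_bytes(K, "big")), "e": b64u(E.to_bytes(3, "big"))}]}

def verify(token, scope, jwks=JWKS, revoked=None, now=None):
    """Return the claims or raise ValueError; revoked=None is the offline path."""
    head_b64, body_b64, sig_b64 = token.split(".")
    head, sig = json.loads(unb64u(head_b64)), unb64u(sig_b64)
    jwk = next((j for j in jwks["keys"] if j["kid"] == head.get("kid")), None)
    if head.get("alg") != "RS256" or jwk is None:  # pin alg, reject unknown keys
        raise ValueError("unexpected alg or kid")
    n, e = (int.from_bytes(unb64u(jwk[f]), "big") for f in ("n", "e"))
    k, s = (n.bit_length() + 7) // 8, int.from_bytes(sig, "big")
    want = emsa(f"{head_b64}.{body_b64}".encode(), k)
    if len(sig) != k or s >= n or not hmac.compare_digest(pow(s, e, n).to_bytes(k, "big"), want):
        raise ValueError("bad signature")
    claims = json.loads(unb64u(body_b64))
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("expired")
    if scope not in claims.get("scopes", []):  # claim name "scopes" is assumed
        raise ValueError("scope not granted")
    if revoked is not None and claims.get("jti") in revoked:  # models /v1/tokens/verify
        raise ValueError("revoked")
    return claims
```

A token that passes `verify(token, scope)` offline keeps passing until its `exp`, even after its JTI has been revoked; only the call that passes `revoked` rejects it. Services that verify offline are therefore exposed for the remaining token lifetime, which is the window short expiries or the online check have to close.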
Install the SDK and authorize your first agent in under 10 lines.
```js
// npm install @grantex/sdk
import { Grantex } from '@grantex/sdk';

const grantex = new Grantex({ apiKey: 'YOUR_API_KEY' });

const { consentUrl } = await grantex.authorize({
  agentId: 'ag_01J...',
  userId: 'usr_01J...',
  scopes: ['files:read', 'email:send'],
});

// Redirect user to consentUrl — they approve in plain language
console.log(consentUrl);
```
```python
# pip install grantex
from grantex import Grantex

client = Grantex(api_key="YOUR_API_KEY")

result = client.authorize(
    agent_id="ag_01J...",
    user_id="usr_01J...",
    scopes=["files:read", "email:send"],
)

# Redirect user to result.consent_url
print(result.consent_url)
```
Drop Grantex into any AI framework or language runtime.
Security audited, standards-track, open source.
External security review found no critical or high severity findings. Full report available to enterprise customers under NDA.
Controls for Security, Availability, and Confidentiality trust service criteria reviewed and attested by an independent CPA firm.
The Grantex wire protocol is an open IETF Internet-Draft (draft-mishra-oauth-agent-grants-00), built on the OAuth 2.0 framework.
Define fine-grained scope restrictions, rate limits, and time-bound grants per agent or team.
Sync agents and principals from your identity provider automatically.
Sign in with Okta, Azure AD, Google Workspace, or any OIDC provider.
ML-based detection of unusual grant patterns with real-time alerting.
SOC 2, HIPAA, and GDPR-ready audit log exports in standard formats.
Self-host the entire stack with our production Docker Compose configuration.
We work directly with engineering and security teams to design the right integration. Volume pricing and custom SLAs available.