# Agent Analytics auth.md

Agent Analytics supports auth.md-style agent discovery and user-claimed registration for scoped agent sessions.

## Service

- Resource: https://api.agentanalytics.sh
- OAuth Protected Resource Metadata: https://api.agentanalytics.sh/.well-known/oauth-protected-resource
- Authorization Server Metadata: https://api.agentanalytics.sh/.well-known/oauth-authorization-server
- Agent registration endpoint: https://api.agentanalytics.sh/agent/auth

## Supported flow

Agents can request a user-claimed credential. The human approves in the browser with Agent Analytics Google OAuth by default. GitHub OAuth is also supported when requested. Agent Analytics then issues a scoped service-owned agent session credential with the aas_ prefix.

Email OTP is not required. Agent Analytics account identity remains the source of truth.

## Example

POST https://api.agentanalytics.sh/agent/auth

```json
{
  "type": "user_claimed",
  "claim_method": "google_oauth",
  "requested_credential_type": "access_token",
  "requested_scopes": ["projects:read", "analytics:read"],
  "client_name": "Example Agent"
}
```

Response includes a browser claim URL, a claim token, expiry, and granted scopes. After approval, exchange with https://api.agentanalytics.sh/agent/auth/claim/complete.

## Scopes

- account:read
- projects:read
- projects:write
- analytics:read
- experiments:read
- experiments:write
- feedback:write
- live:read

## Not yet compatible

ID-JAG trusted-provider verification and anonymous restricted pre-claim credentials are planned but not advertised as supported yet.