AgentAdmit SDK: user-mediated AI agent authorization for any app
Project description
AgentAdmit SDK for Python
User-mediated AI agent authorization for Python apps. Supports FastAPI, Flask, and Django.
Get started: Sign up at agentadmit.com and get your test keys. Install the SDK and build. Test Mode keys are available immediately after signup. Live keys become available when you subscribe an app.
Quick Start
Requires Python 3.10+ (the install fails on 3.9 and older with a confusing resolver error — check python3 --version first).
pip install agentadmit
agentadmit init
Edit agentadmit.yaml to define your scopes, then add to your FastAPI app:
from fastapi import FastAPI, Depends
from agentadmit import AgentAdmitMiddleware, require_scope_if_agent, get_current_user_or_agent
app = FastAPI()
# One-line setup
app.add_middleware(
AgentAdmitMiddleware,
config_path="agentadmit.yaml",
get_current_user=your_auth_dependency,
verify_user_token=your_token_verifier,
users_collection="users",
)
# Add scope enforcement to any route
@app.get("/api/orders")
async def get_orders(
auth_ctx=Depends(get_current_user_or_agent),
_scope=Depends(require_scope_if_agent("read:orders")),
):
user = auth_ctx["user"]
# Your existing logic - unchanged
return {"orders": get_orders_for_user(user["user_id"])}
Your app now supports AI agent connections with:
- Scoped access control (you define the scopes)
- User-controlled connection duration
- Token generation and exchange
- Revocation
- Audit logging
How It Works
- User clicks "AgentAdmit" in your app
- Selects scopes and connection duration
- Gets a token to give to their AI agent
- Agent exchanges the token for scoped API access
- User revokes anytime
The token goes to the human, not the agent. No automated delivery = no prompt injection surface.
CLI
agentadmit init # Generate agentadmit.yaml config file
agentadmit check # Validate configuration and show scope summary
agentadmit sync # Sync scopes from agentadmit.yaml to the hosted service
agentadmit keys # Prints a deprecation notice (hosted service holds keys)
Flask Integration
from flask import Flask
from agentadmit.integrations.flask_integration import AgentAdmitFlask
app = Flask(__name__)
aa = AgentAdmitFlask(app, config_path="agentadmit.yaml")
@app.route('/api/orders')
@aa.require_scope_if_agent('read:orders')
def get_orders():
return get_user_orders()
Django Integration
# settings.py
AGENTADMIT_CONFIG = {
'APP_ID': 'app_yourappid',
'API_KEY': 'aa_test_yourkey',
'VERIFY_URL': 'https://api.agentadmit.com/api/v1/verify',
}
# views.py
from agentadmit.integrations.django_integration import require_scope_if_agent
@require_scope_if_agent('read:orders')
def get_orders(request):
return get_user_orders(request)
MCP Server Integration
Building an MCP server in Python? AgentAdmit is the auth layer. MCP servers are app owners. Same SDK, same pricing.
For STDIO transport (most MCP servers), the agent includes the token in tool arguments:
import requests
import os
AGENTADMIT_VERIFY_URL = "https://api.agentadmit.com/api/v1/verify"
AGENTADMIT_API_KEY = os.environ["AGENTADMIT_API_KEY"]
def handle_tool_call(name: str, arguments: dict) -> dict:
# 1. Extract token from tool arguments
token = arguments.pop("agentadmit_token", None)
if not token:
raise PermissionError("agentadmit_token required")
# 2. Validate via AgentAdmit hosted service
resp = requests.post(
AGENTADMIT_VERIFY_URL,
headers={
"Authorization": f"Bearer {AGENTADMIT_API_KEY}",
"Content-Type": "application/json",
},
json={"token": token},
timeout=5,
)
if resp.status_code != 200:
raise RuntimeError(f"AgentAdmit verification failed: {resp.status_code}")
ctx = resp.json()
# Invalid / expired / revoked tokens return HTTP 200 with active: false
if not ctx.get("active"):
raise PermissionError("Invalid or expired token")
# 3. Check scope for this tool
required_scope = SCOPE_MAP.get(name)
if required_scope and required_scope not in ctx.get("scopes", []):
raise PermissionError(f"Missing scope '{required_scope}'")
# 4. Run the tool
return TOOL_HANDLERS[name](arguments, ctx)
For HTTP transport (FastAPI-based MCP servers), use the full SDK middleware. The agent sends the token via Authorization: Bearer header, same as any HTTP API.
Full MCP integration guide with complete before/after examples: agentadmit.com/docs/mcp-guide
MCP operators: You also get admin scopes for your own AI agent to monitor your server and full audit trail for billing. See the Admin Panel section in the dashboard for details.
Important
Mandatory introspection. All token validation goes through api.agentadmit.com. There is no self-hosted mode. No local JWT validation. No bypass. This is required for security, audit logging, and scope enforcement.
User revocation. Users can revoke any of their own agent connections via DELETE /agentadmit/connections/{connection_id} (requires the user to be authenticated via your app's session). The SDK router registers this endpoint when you call create_agentadmit_router().
In-app AI scopes. If your app has built-in AI features (analysis, plan generation, photo recognition), do not expose those as agent scopes. The user's AI agent can read the raw data and do the analysis itself. Exposing in-app AI endpoints to agents creates double cost.
Consent Ledger (Caller-Identity Consent)
AgentAdmit can host per-user consent switches for three independent caller classes: human_session, in_app_ai, and external_agent. No class's setting implies another's.
External agents: the verify response already carries the verdict; it appears on the agent context as auth_ctx["consent"] when present. The hosted service deliberately omits the verdict when its consent store is unreadable (degraded mode), so treat an absent verdict as unresolved, never as a grant — resolve it with check_consent:
consent = auth_ctx.get("consent")
if not (isinstance(consent, dict) and isinstance(consent.get("granted"), bool)):
consent = check_consent(auth_ctx["user"]["user_id"], "external_agent") # fail closed on error
if consent["granted"] is not True:
raise HTTPException(403, "The data owner has not enabled external agent access.")
Human sessions and in-app AI never hold AgentAdmit tokens, so ask directly:
from agentadmit import check_consent
verdict = check_consent(app_user_id="user_8842", caller_class="in_app_ai")
if not verdict["granted"]:
... # do not run AI over this user's data
Consent is orthogonal to revocation: a denied verdict means your app returns its own 403; the connection and token stay valid so the user can flip consent back on without re-connecting. Write switches through PUT /api/v1/consent/settings from your backend; export the audit trail with GET /api/v1/consent/export (every plan).
One-dependency drop-in. Instead of wiring the three paths by hand, caller_consent() classifies the caller from the credential and evaluates the right independent path:
from fastapi import Depends
from agentadmit import caller_consent
@app.get("/api/records/{owner_id}")
async def get_record(
ctx=Depends(caller_consent(
# derive the class from your own credential structure, never caller input
classify_non_agent=lambda r: "in_app_ai" if r.headers.get("x-internal-ai") == INTERNAL_SECRET else "human_session",
resolve_data_owner_id=lambda r: r.path_params["owner_id"],
required_scope="read:records",
)),
):
... # ctx["caller_class"] is external_agent | in_app_ai | human_session
External agents are checked via hosted introspection — the consent verdict is evaluated before the scope check (a caller whose class the owner denied learns nothing about scope state or step-up), and an absent verdict is resolved through the Consent Ledger, fail-closed. In-app AI goes through the Consent Ledger (fail closed); the human path defers to your own permission model unless you pass gate_human=True. It is a consent gate, not an authenticator, so run it after your own authentication.
Presence Verification (WebAuthn Step-Up)
The verify response can carry a human-presence fact for the connection: whether the person who authorized it completed a WebAuthn ceremony on the consent page. It appears on the agent context as auth_ctx["presence"] when the platform returns it. Older servers omit it, and verified is false for connections minted without a ceremony (direct-API tokens, presence-off sessions, pre-presence connections).
from agentadmit import presence_verified
if not presence_verified(auth_ctx):
... # not presence-verified; absent or malformed data never counts as verified
Guard sensitive endpoints with the fail-closed dependency; a connection without a completed ceremony gets a 403 presence_required:
from agentadmit import require_presence
@app.post("/api/transfers")
async def create_transfer(agent_ctx=Depends(require_presence())):
...
Flask and Django ship the same guard: @aa.require_presence() on the Flask integration, and require_presence() from agentadmit.integrations.django_integration.
Rate Limiting
The AgentAdmit introspection endpoint enforces rate limits. The Python SDK handles HTTP 429 responses automatically with exponential backoff and jitter - no changes needed in your app code.
Retry behavior
| Parameter | Default | Description |
|---|---|---|
| Initial delay | 1 second | First retry wait |
| Backoff multiplier | 2x | Doubles each retry |
| Cap | 30 seconds | Maximum wait per retry |
| Jitter | 0-500 ms | Random addition to each delay |
| Max retries | 3 | Configurable |
The SDK also respects the Retry-After response header - if present, it overrides the computed backoff delay.
Configuring max retries
In agentadmit.yaml:
max_retries: 5 # default: 3. Set to 0 to disable retries.
Handling exhausted retries
When all retries are exhausted, the SDK raises RateLimitError:
from agentadmit.exceptions import RateLimitError
try:
# Any endpoint protected with require_scope / get_agentadmit_user
...
except RateLimitError as e:
print(f"Rate limited. Retry after {e.retry_after}s")
print(f"Limit: {e.limit}, Remaining: {e.remaining}, Reset: {e.reset}")
# Return 429 to the caller or queue for retry
RateLimitError attributes:
retry_after- seconds fromRetry-Afterheader (orNone)limit-X-RateLimit-Limitheader value (orNone)remaining-X-RateLimit-Remainingheader value (orNone)reset-X-RateLimit-ResetUnix timestamp (orNone)
Route Registration Order (FastAPI)
When using create_agentadmit_router(), the SDK registers default endpoints for
/agentadmit/scopes, /agentadmit/connections/generate-token, etc.
If you need to override any SDK endpoint with your own (e.g., a user-aware
/scopes endpoint), register your route before calling app.include_router().
FastAPI resolves routes in registration order - the first matching route wins.
# Correct: custom /scopes registered before SDK router
@app.get("/agentadmit/scopes")
async def my_scopes(current_user: dict = Depends(get_current_user)):
# your user-aware logic
...
wellknown_router, agentadmit_router = create_agentadmit_router(...)
app.include_router(wellknown_router)
app.include_router(agentadmit_router, prefix="/agentadmit")
# Wrong: custom route registered AFTER SDK router (shadowed, never reached)
wellknown_router, agentadmit_router = create_agentadmit_router(...)
app.include_router(agentadmit_router, prefix="/agentadmit") # SDK route wins
@app.get("/agentadmit/scopes") # never reached
async def my_scopes(): ...
Tip: Use the filter_scopes_for_user callback parameter on
create_agentadmit_router() as a cleaner alternative to overriding /scopes
entirely - the SDK handles the endpoint and calls your function to filter results.
Documentation
Full integration guide: https://agentadmit.com/docs/app-owner-guide
Data Collection & Privacy
The AgentAdmit Python SDK runs server-side and does not interact with app stores or end-user devices directly.
What the SDK does
- Validates AgentAdmit tokens by calling AgentAdmit's hosted introspection endpoint (
https://api.agentadmit.com/api/v1/verify) on every agent request - this is mandatory introspection; there is no local or offline validation mode - Enforces scope-based access control on your API routes
- Manages connection lifecycle (create, revoke, audit) using your configured storage backend (MongoDB or in-memory)
What the SDK does NOT do
- Does not transmit raw end-user PII (such as name, email, or device identifiers) - each introspection request sends the opaque access token and your API key
- Does not perform passive background telemetry or analytics - network calls occur only during active token validation
What the AgentAdmit hosted service records
On every token validation, AgentAdmit's /api/v1/verify endpoint receives the access token and API key, resolves the token to its user_id, connection_id, granted scopes, and agent_label, and records per-call metadata (including the endpoint and timestamp) for billing, audit logging, the security alerts engine, and usage metering. This is integral to how AgentAdmit works and applies to both Test Mode and live keys. See the "Mandatory introspection" notes above and the compliance guide for the full data-handling description.
Privacy impact
Since this SDK runs on your server, it has no direct App Store or Play Store compliance surface. Your client-side integration (e.g., the AgentAdmit React SDK) handles privacy manifest and data safety requirements.
For complete compliance guidance, see our compliance guide.
License
All rights reserved. Patent pending.
Security Alerts
Monitor suspicious agent activity with the AgentAdmit alerts API. Six alert types are supported:
volume_spike- unusual request volumefailed_scope_attempts- repeated scope access failuresburst_pattern- rapid burst of requestsstale_reactivation- dormant connection suddenly activenew_scope_usage- agent using a scope for the first timerevoked_connection_attempt- revoked connection trying to authenticate
Configure Alert Thresholds
from agentadmit import configure_alerts
result = configure_alerts(
app_id="app_abc123",
alert_type="volume_spike",
enabled=True,
threshold_value=100,
threshold_window_minutes=5,
kill_switch_enabled=True,
kill_switch_threshold_value=500,
kill_switch_threshold_window_minutes=10,
)
# {"ok": True, "config": {...}}
List Alert Events
from agentadmit import list_alerts
events = list_alerts(app_id="app_abc123", alert_type="volume_spike", limit=50)
# {"events": [...], "total": 12, "limit": 50, "offset": 0}
Get Current Config
from agentadmit import get_alert_config
config = get_alert_config(app_id="app_abc123")
conn_config = get_alert_config(app_id="app_abc123", connection_id="conn_xyz")
Notifying Your Users
AgentAdmit detects anomalies, fires alerts, and (with kill switch) auto-revokes connections. How you notify your own users is up to you. AgentAdmit provides the data - you deliver it through your own system (in-app notifications, email, push, etc.).
-
Poll alerts - Use the SDK methods above from your backend to check for new events, then notify users through your existing system.
-
Webhook delivery - Configure a webhook URL in your AgentAdmit dashboard. When an alert fires, AgentAdmit POSTs the payload to your server, signed with your
whsec_...secret. Always verify the signature before trusting the payload:from agentadmit import verify_webhook_signature, WebhookSignatureError @app.post("/agentadmit/alerts") async def alerts(request: Request): payload = await request.body() try: verify_webhook_signature( payload, request.headers.get("X-AgentAdmit-Signature", ""), secret=os.environ["AGENTADMIT_WEBHOOK_SECRET"], # whsec_... ) except WebhookSignatureError: return JSONResponse({"error": "invalid_signature"}, status_code=400) event = json.loads(payload) ...
The header format is
t=<unix_ts>,v1=<hex>- an HMAC-SHA256 of{t}.{raw_body}keyed with your signing secret. The helper compares in constant time and rejects timestamps more than 5 minutes off (replay protection). -
React SDK - Embed the
<AlertsPanel>component so users can view their own alert history and tighten thresholds.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file agentadmit-1.5.1.tar.gz.
File metadata
- Download URL: agentadmit-1.5.1.tar.gz
- Upload date:
- Size: 65.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f19446a24f6cb98cdf0554692bb5dcd835b17224409ee3797a79d6a4344a64b0
|
|
| MD5 |
4a02f269e45a904d6b3f4633d3d430de
|
|
| BLAKE2b-256 |
73565f7c0c033a93026edb38ab8edd3f4ec6fdd9e85ef3351f89c8dec406d04d
|
Provenance
The following attestation bundles were made for agentadmit-1.5.1.tar.gz:
Publisher:
publish.yml on PhoenixCo-Founder/agentadmit-sdk-python
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
agentadmit-1.5.1.tar.gz -
Subject digest:
f19446a24f6cb98cdf0554692bb5dcd835b17224409ee3797a79d6a4344a64b0 - Sigstore transparency entry: 2191925383
- Sigstore integration time:
-
Permalink:
PhoenixCo-Founder/agentadmit-sdk-python@04fc41303f583d736ea7c2d4a0fa7952b30691b1 -
Branch / Tag:
refs/tags/v1.5.1 - Owner: https://github.com/PhoenixCo-Founder
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@04fc41303f583d736ea7c2d4a0fa7952b30691b1 -
Trigger Event:
push
-
Statement type:
File details
Details for the file agentadmit-1.5.1-py3-none-any.whl.
File metadata
- Download URL: agentadmit-1.5.1-py3-none-any.whl
- Upload date:
- Size: 56.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
6c698296ada0833a8b07726a87a8d9e007b0ce6aae8cbf73b5244b739f453b5a
|
|
| MD5 |
620cdc48effa118e08e724862c52bcb5
|
|
| BLAKE2b-256 |
fa6bca264efbf4f58ac56831e21754c2d5a53a13ede750c6ca2c2e91b8c79281
|
Provenance
The following attestation bundles were made for agentadmit-1.5.1-py3-none-any.whl:
Publisher:
publish.yml on PhoenixCo-Founder/agentadmit-sdk-python
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
agentadmit-1.5.1-py3-none-any.whl -
Subject digest:
6c698296ada0833a8b07726a87a8d9e007b0ce6aae8cbf73b5244b739f453b5a - Sigstore transparency entry: 2191925453
- Sigstore integration time:
-
Permalink:
PhoenixCo-Founder/agentadmit-sdk-python@04fc41303f583d736ea7c2d4a0fa7952b30691b1 -
Branch / Tag:
refs/tags/v1.5.1 - Owner: https://github.com/PhoenixCo-Founder
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@04fc41303f583d736ea7c2d4a0fa7952b30691b1 -
Trigger Event:
push
-
Statement type: