AI Agent Authorization

Make agents ask
before they act

Before an agent executes a sensitive action, SilentAuth evaluates policy, requests approval when needed, and returns a signed receipt your code verifies.

Join Open Preview Read the guide

declare_intent.py

# Before executing a sensitive action, declare an intent
resp = requests.post(
    "https://api.silentauth.io/v1/intents",
    headers={
        "Authorization": f"Bearer {SECRET_KEY}",
    },
    json={
        "project_id":  "proj_live",
        "agent_id":    "refund-agent-v1",
        "action":      "delete_user_data",
        "action_hash": "sha256:8f4...",
        "risk_tier":   "critical",
        "context":     {"user_id": user_id},
    },
)
intent_id = resp.json()["id"]# pending approval
decision = resp.json()["decision"]# require_approval | auto_approve | auto_deny

Step 1 of 4

Interactive Demo

See it in action

Pick an agent action, simulate the authorization flow, then approve or deny it like your team would in production.

Live Authorization Demo

Ready

Select an agent action

Authorization pipeline

Intent declared

Policy check

Human review

Receipt issued

Select an action and click run to simulate the flow

Policy outcome:Human approval required

Everything needed for the first protected action

Purpose-built for agents and automations that need authorization before real-world effects.

Action Authorization

Wrap sensitive agent actions with a control point. When risk is high, execution pauses until policy, a reviewer, or proof resolves it.

Policy-Driven Decisions

Define rules that auto-approve routine work, deny blocked patterns, and require review for dangerous actions.

Signed Receipts

Approvals issue short-lived receipt tokens bound to the action hash, policy hash, nonce, approver, and expiry.

Approval Notifications

Approvers can review pending intents in the dashboard and route events to email or webhooks.

Agent Status Enforcement

Full Audit Trail

Every intent, decision, proof channel, receipt, and execution result is recorded for investigation and review.

How it works

Four steps from agent action to signed receipt, or a clean denial.

Register your agent and declare an intent

Register your agent in the dashboard to get a scoped identity. Before executing a sensitive action, send the action, context, and action hash to SilentAuth.

request

curl -X POST https://api.silentauth.io/v1/intents \
  -H "Authorization: Bearer sk_your_secret_key" \
  -H "Content-Type: application/json" \
  -d '{
    "project_id":  "proj_live",
    "agent_id":    "refund-agent-v1",
    "action":      "issue_refund",
    "action_hash": "sha256:8f4...",
    "risk_tier":   "high",
    "context":     {
      "customer_id": "cust_4821",
      "amount": 50.00
    }
  }'

response

{
  "id":       "a3f2c1b0-...",
  "decision": "require_approval",
  "data": {
    "status": "pending",
    "risk_tier": "high"
  }
}

Policy evaluated instantly

SilentAuth checks configured policies before the intent can resolve. Matching rules can approve safe work, deny blocked work, or request review.

Match on action name (glob patterns like delete_* )
Match on risk tier (low / medium / high / critical)
Match on source type (ai_agent / devops / automation)
Priority ordering, first match wins
Auto-approve or auto-deny with immediate response

Human notified if required

If policy requires review, the intent lands in the approval queue and fires configured notification channels.

Dashboard shows full context: action, parameters, risk tier
Webhook fires to Slack, PagerDuty, or a custom endpoint
Approver sees who triggered it, from which agent, and with what args
Critical-risk intents require typed 'CONFIRM' confirmation

Agent receives a signed receipt

On approval, a short-lived receipt is issued. Your agent verifies it before execution. On denial, it aborts cleanly.

request

# Python: poll until resolved
for _ in range(120):   # 10 minute timeout
    time.sleep(5)
    result = requests.get(
        "https://api.silentauth.io/v1/intents?status=approved",
        headers={"Authorization": f"Bearer {SECRET_KEY}"},
    ).json()
    for intent in result["data"]:
        if intent["id"] == intent_id:
            receipt_token = intent["receipt_token"]
            return receipt_token

Common use cases

Any autonomous action with real-world consequences becomes safer with an execution gate.

Payment and Refund Processing

Require approval before agents issue refunds, charges, or transfers above defined thresholds.

Database Modifications

Require approval before agents delete rows, drop tables, or run bulk production updates.

Production Deployments

Gate CI/CD deploys so automation cannot push to production without a verified receipt.

Secret and Key Rotation

Audit and gate API key rotations, certificate renewals, and credential changes.

Mass Communication

Prevent agents from sending email, Slack, or SMS blasts to large groups without review.

Infrastructure Changes

Gate Terraform applies, cloud resource creation, and network changes that could affect uptime.

Plain API first. SDKs where they help.

The first integration path is a plain REST API. If your agent can make an HTTP request, it can request authorization and verify a returned receipt.

Plain HTTP POST to declare an intent

Poll GET or configure webhooks for resolution

Receipt token verifiable before execution

Works in serverless, containers, and bare metal

Read the integration guide

Works with

Python (requests)LangChainOpenAI AssistantsNode.js / TypeScriptGitHub ActionsGitLab CITerraformAutoGen (coming soon)CrewAI (coming soon)

Frequently asked questions

Everything you need to know about connecting agents to action authorization.

Protect the first action

Connect your first agent, send a test intent, approve it, and verify the receipt before execution.

Join Open Preview Read the docs

Make agents askbefore they act