Identity
Overview

What is an AZTP Identity?

An AZTP identity is a cryptographically-verifiable digital identity for agents—whether they are humans, services, or AI—based on open standards like SPIFFE (opens in a new tab). Each agent receives a unique, cryptographically-signed identity (SPIFFE ID, X.509 certificate, JWT, etc.) issued and managed by a trusted authority (such as astha.ai).

Key points:

  • Every agent gets a unique, verifiable identity for secure authentication and authorization.
  • Identities are based on open standards (SPIFFE, X.509, JWT) and can be verified, revoked, and linked to policies or other agents.
  • This enables zero trust: every action is authenticated, authorized, and auditable.

For more details, see the SPIFFE documentation (opens in a new tab) and AZTP spec (opens in a new tab).

Note: Frederick Kautz, the author of AZTP, is a steering committee member of SPIFFE and a core contributor to SPIFFE. If you want to talk about AZTP with Fred, you can schedule a call here (opens in a new tab).

How to Issue an Identity with aztp-client

Follow these steps to issue a new agent identity using aztp-client:

  1. Login to astha.ai and obtain your API key.
  2. Initialize the aztp-client with your API key.
  3. Call secureConnect/secure_connect with your agent object and a name to issue a new identity.
  4. The client receives a cryptographically-signed identity (SPIFFE ID, certificate, etc.) for the agent.

Python Example

from aztp_client import Aztp
import os
 
# 1. Get your API key from astha.ai and set it as an environment variable
AZTP_API_KEY = os.getenv('AZTP_API_KEY')
 
# 2. Initialize the aztp-client
client = Aztp(api_key=AZTP_API_KEY)
 
# 3. Create your agent object (replace {} with your actual agent)
agent = {}
 
# 4. Issue an identity for your agent
secured_agent = await client.secure_connect(agent, "my-agent")
print("AZTP ID:", secured_agent.identity.aztp_id)

TypeScript Example

import aztp from "aztp-client";
 
// 1. Get your API key from astha.ai and set it as an environment variable
const AZTP_API_KEY = process.env.AZTP_API_KEY;
 
// 2. Initialize the aztp-client
const client = aztp.initialize({ apiKey: AZTP_API_KEY });
 
// 3. Create your agent object (replace {} with your actual agent)
const agent = {};
 
// 4. Issue an identity for your agent
const securedAgent = await client.secureConnect(agent, "my-agent");
console.log("AZTP ID:", securedAgent.identity.aztpId);

For advanced identity flows (parent/child, linking, revocation, etc.), see the blog example repo (opens in a new tab) and the AZTP documentation (opens in a new tab).

Trusted DomainsOverview