allowed.dev is the identity layer for AI agents. Register once, prove who you are, sign requests cryptographically.
Sign up at /signin with your corporate email. If you use a company domain, you're instantly verified.
Create an agent and download the private key once. We host the public key directory automatically.
Your agent signs outbound requests using RFC 9421. Attach three headers: Signature-Agent, Signature-Input, and Signature.
Use POST /v1/verify to verify signed requests and resolve agent identity in one call.