- Security: Agent wallet HSM-backed keys in KMS • Workload-bound usage • No human access • Full audit trails.
- Verifiable Credentials: Supports both SD-JWT VC (IETF, selective disclosure) and W3C Verifiable Credentials (JSON-LD).
- Protocols: Implements OIDC4VCI for credential issuance and OIDC4VP for presentation and verification.
- Decentralized Identifiers: Uses DIDs (e.g., did:web, did:jwk) to establish unique agent and organization identities.
- Linked Verifiable Presentations (Linked VP): Enables agents to present credentials through the DID Document endpoint, simplifying trust establishment.
-
MCP Integration & Tools: All services are exposed via the
Model Context Protocol (MCP). Tools are scoped by role:
- Guest tools:
describe_wallet4agent,create_agent_identifier_and_wallet. - Dev tools:
get_configuration,update_configuration,rotate_personal_access_token,add_authentication_key,delete_identity,get_attestations_of_this_wallet. - Agent tools:
get_this_wallet_data,get_attestations_of_this_wallet,get_attestations_of_another_agent,accept_credential_offer.
private_key_jwtwith JWK keys). - Guest tools:
On-chain & off-chain identity rails for AI Agents
We help AI Agents integrate with regulated and decentralized trust ecosystems
Trusted Identifiers, Digital Credentials, and Wallets for the Agentic Web
Wallet4Agent gives AI Agents a direct bridge into both regulated identity ecosystems
(such as EU eIDAS v2 / EUDI Wallet, EBSI, Data Spaces, emerging U.S. digital-identity frameworks)
and all decentralized ecosystems built for instance on DIDs and W3C Verifiable Credentials.
Agents can authenticate, connect to organizations and individuals, exchange digital credentials, and act on behalf of real legal identities in a way that is
trusted, auditable, and verifiable by design — with responsibility remaining attached to real people and organizations.
MCP Server · Identity & Credentials
MPC-backed keys, DIDs, Verifiable Credentials, and OAuth2-based access control for AI Agents.
All anchored in a dedicated Wallet4Agent identity wallet & authorization server.
Identifiers
DIDs (did:web, did:jwk)
Credentials
SD-JWT VC, W3C VC
Protocols
OIDC4VCI & OIDC4VP
Identity & Credentials Engine
Technology Stack
All capabilities of Wallet4Agent are powered by a dedicated MCP Server that manages identity, verification, and credential issuance for AI Agents, companies, and users.
Community
Get Involved
Wallet4Agent is in its early stage and evolving fast with the W3C, DIF, and IETF communities. Join us to shape the standards-compliant identity and accountability infrastructure for AI Agents.
Developer quickstart
Get Started
It’s simple to spin up an attached identity for an agent and start issuing or verifying credentials. You can either call a public MCP tool (no bearer token required) or use an MCP Inspector to try all wallet and verifier tools interactively. The MCP endpoint is available at https://wallet4agent.com/mcp.
Option A — JSON-RPC call to /mcp (guest, no auth)
As a guest, you can create a new Agent DID and wallet with the
create_agent_identifier_and_wallet tool. You attach the agent to a human
or organization by providing an owners_identity_provider and one or more
owners_login values.
Request
curl -s https://wallet4agent.com/mcp \
-H "Content-Type: application/json" \
-d '{
"jsonrpc": "2.0",
"id": 1,
"method": "tools/call",
"params": {
"name": "create_agent_identifier_and_wallet",
"arguments": {
"owners_identity_provider": "google", // "google", "github", "personal data wallet"
"owners_login": "dev@example.com", // comma-separated list if multiple
"authentication": "Personal Access Token (PAT)" // or "OAuth 2.0 Client Credentials Grant"
}
}
}'Successful response (excerpt)
{
"jsonrpc": "2.0",
"result": {
"content": [
{"type":"text","text":"New agent identifier and wallet created. Copy agent personal access token and dev personal access token as they are not stored."}
],
"structuredContent": {
"agent_identifier": "did:web:wallet4agent.com:<id>",
"wallet_url": "https://wallet4agent.com/did/<id>",
"dev_personal_access_token": "<dev_pat>"
// If authentication = "Personal Access Token (PAT)":
// "agent_personal_access_token": "<agent_pat>"
// If authentication = "OAuth 2.0 Client Credentials Grant":
// "agent_client_id": "did:web:wallet4agent.com:<id>",
// "agent_client_secret": "<agent_client_secret>",
// "authorization_server": "https://wallet4agent.com"
}
},
"id": 1
}
You always receive a dev_personal_access_token for developer / admin operations.
Depending on the authentication mode, the agent either gets its own
personal access token or a pair of
OAuth 2.0 client credentials (client_id + client_secret)
bound to the Authorization Server.
Option B — Dev using MCP tools with a dev_personal_access_token
With your dev_personal_access_token, you can configure and inspect the wallet
using the dev tools:
get_configuration, update_configuration,
rotate_personal_access_token, add_authentication_key,
get_attestations_of_this_wallet, and delete_identity.
Example: get configuration of the wallet
curl -s https://wallet4agent.com/mcp \
-H "Content-Type: application/json" \
-H "Authorization: Bearer <dev_personal_access_token>" \
-d '{
"jsonrpc": "2.0",
"id": 2,
"method": "tools/call",
"params": {
"name": "get_configuration",
"arguments": {}
}
}'Example: register a public key for private_key_jwt
curl -s https://wallet4agent.com/mcp \
-H "Content-Type: application/json" \
-H "Authorization: Bearer <dev_personal_access_token>" \
-d '{
"jsonrpc": "2.0",
"id": 3,
"method": "tools/call",
"params": {
"name": "update_configuration",
"arguments": {
"client_public_key": "{ \\"kty\\":\\"EC\\", \\"crv\\":\\"P-256\\", \\"x\\":\\"...\\", \\"y\\":\\"...\\" }"
}
}
}'
The client_public_key is stored in the wallet and used by the Authorization Server
to verify OAuth2 private_key_jwt client assertions for this Agent.
Option C — Agent tools with PAT or OAuth2 Client Credentials
The AI Agent itself calls the MCP server using either an agent_personal_access_token
or an OAuth 2.0 access token obtained via the Client Credentials flow
(including client_secret_basic, client_secret_post, or
private_key_jwt with JWK keys).
From the agent role, use tools such as:
describe_wallet4agent, explain_how_to_install_wallet4agent,
get_this_wallet_data, get_attestations_of_this_wallet,
get_attestations_of_another_agent, accept_credential_offer,
and sign_text_message.
Example: agent reads its wallet metadata
curl -s https://wallet4agent.com/mcp \
-H "Content-Type: application/json" \
-H "Authorization: Bearer <agent_access_token>" \
-d '{
"jsonrpc": "2.0",
"id": 4,
"method": "tools/call",
"params": {
"name": "get_this_wallet_data",
"arguments": {}
}
}'
When configured for OAuth2, the Agent first calls the AS token endpoint with its
client_id and client_secret (or private_key_jwt),
then uses the resulting access token in the MCP
Authorization: Bearer header.
Option D — Explore everything with an MCP Inspector
Point your MCP Inspector to https://wallet4agent.com/mcp, discover the tools,
and experiment:
-
Guest:
Call
create_agent_identifier_and_walletto bootstrap a new agent and wallet. -
Developer:
Use your
dev_personal_access_tokento callget_configuration,update_configuration,rotate_personal_access_token,add_authentication_key,get_attestations_of_this_wallet, anddelete_identity. -
Agent:
With an agent PAT or OAuth2 access token, call
describe_wallet4agent,explain_how_to_install_wallet4agent,get_this_wallet_data,get_attestations_of_this_wallet,get_attestations_of_another_agent,accept_credential_offer, orsign_text_messageto sign arbitrary text with the Agent's DID-backed key. -
Verifier (agent verifying a human user):
Use
start_user_verificationto send a verification link by email, thenpoll_user_verificationto retrieve the verification status and verified wallet data.
Tool availability and returned fields depend on who calls the MCP server (guest, developer, agent or verifier) and on the configured authentication mode (PAT vs OAuth2). The server advertises its capabilities through standard MCP routes, and enforces role-based access to keep responsibilities clearly separated.