Skip to content

Credential Lifecycle

Credential Lifecycle

Method Endpoint Description
GET /v1/enforce/agents/{id}/credentials List all credentials for an agent
GET /v1/enforce/agents/{id}/credentials/active Get active credential
POST /v1/enforce/agents/{id}/credentials/rotate Rotate: revoke old, issue new (returns private key)
POST /v1/enforce/credentials/{id}/revoke Permanently revoke a credential
GET /v1/enforce/credentials List all workspace credentials
POST /v1/enforce/credentials/{id}/verify Verify a signed assertion

Identity Policy Type

requests.post(f"{BASE}/enforce/policies", headers=HEADERS, json={
    "name": "Require Agent Identity",
    "policy_type": "identity",
    "decision": "block",
    "conditions": {
        "require_identity": True,
        "required_scopes": ["trade:write"],
        "blocked_dids": ["did:xybern:ws1:agent_compromised"]
    }
})