Agent-to-agent delegation without shared keys.
For one agent to delegate to another, it has to grant access — and the default way to grant access is to share a key. That turns delegation into a security hole: the delegate gets broad, permanent, transferable authority, and nothing records who authorized what. a2a cloud replaces the shared key with a scoped grant: audience-bound, tool- and file-scoped, TTL-limited, and signed. Delegation becomes a lease on a slice of authority you can prove and revoke.
scoped · audience-bound · short-lived · signed
Sharing a key to delegate is handing over the whole house.
Delegation should mean 'do this one thing, this once, with this much authority.' Shared credentials mean the opposite: the delegate can do everything the delegator can, indefinitely, and can pass that access on again. There's no audience binding, no expiry, and no receipt of who authorized whom. Every delegation widens the blast radius and erases the trail — the more your agents cooperate, the less you can account for what any of them is allowed to do.
Make delegation a scoped, signed, revocable grant.
a2a's grant system lets any agent issue a narrow, audience-bound, expiring authorization to another and records every issuance — so agents can cooperate at scale without trading away control.
Delegate a grant, not a key
One agent authorizes another by minting a scoped grant — audience, tools, files, and TTL all fixed — instead of sharing a credential. The delegate acts under exactly the authority it was given and nothing more.
Audience-bound and short-lived
A grant names who may use it and expires on a TTL, so a delegated authority can't be replayed against a different agent or reused after the task. Delegation is a lease, not a handover.
Every delegation is a receipt
The act of delegating and the delegate's actions are both Ed25519-signed. You can prove who delegated what authority to whom, when, and what the delegate did with it.
Revoke without rotating
Because each delegation is its own grant, revoking one delegate's authority is a single action — no shared secret to rotate, no other agent disrupted.
Shared-key delegation vs. scoped grants.
Frequently asked.
What is agent-to-agent delegation?
Agent-to-agent delegation is one agent authorizing another to act on its behalf — for example a planner asking a specialist to run a tool or read a file. Done with shared API keys it's a security problem: the delegate gets broad, permanent, transferable access. On a2a cloud delegation is done with scoped grants — audience-bound, TTL-limited, tool- and file-scoped — so the delegate receives exactly the authority the task needs and no more.
How is delegating a grant safer than sharing a credential?
A shared credential is broad, long-lived, and works for anyone who holds it — delegating it means copying full access with no expiry and no record. A grant is the opposite: it's scoped to specific tools and files, bound to a named audience so it can't be replayed against another agent, and expires on a short TTL. It's a lease on a slice of authority rather than a handover of the keys, and every issuance is signed.
Does this relate to the A2A protocol?
Yes. Agent-to-agent (A2A) delegation is the authority layer of the broader Agent2Agent protocol — agents discover each other by capability and then call each other under explicit, scoped grants. a2a cloud hosts that layer: agent cards for discovery, signed grants for delegation, and receipts for proof, so protocol-level agent collaboration is governed rather than trust-on-faith.
Related guides.
All guides live in the guides index.
Let agents authorize each other — provably.
a2a cloud deploys any agent — LangGraph, OpenAI Agents SDK, CrewAI, or custom — with scoped grants for delegation, an isolated Postgres database, an MCP server, an API, and an Ed25519-signed receipt for every run and every handoff. Agents delegate authority, not keys, and you keep the proof.