a2a cloud
delegate authority, not keys

Agent-to-agent delegation without shared keys.

For one agent to delegate to another, it has to grant access — and the default way to grant access is to share a key. That turns delegation into a security hole: the delegate gets broad, permanent, transferable authority, and nothing records who authorized what. a2a cloud replaces the shared key with a scoped grant: audience-bound, tool- and file-scoped, TTL-limited, and signed. Delegation becomes a lease on a slice of authority you can prove and revoke.

scoped · audience-bound · short-lived · signed

0
shared keys handed to delegates
0%
signed record per delegation
0
authority per grant (least privilege)
the problem

Sharing a key to delegate is handing over the whole house.

Delegation should mean 'do this one thing, this once, with this much authority.' Shared credentials mean the opposite: the delegate can do everything the delegator can, indefinitely, and can pass that access on again. There's no audience binding, no expiry, and no receipt of who authorized whom. Every delegation widens the blast radius and erases the trail — the more your agents cooperate, the less you can account for what any of them is allowed to do.

A shared key grants broad, permanent, transferable access.
No audience binding — the credential works for any caller.
No record of who delegated what authority to whom.
Revoking access means rotating a secret many agents depend on.
the a2a way

Make delegation a scoped, signed, revocable grant.

a2a's grant system lets any agent issue a narrow, audience-bound, expiring authorization to another and records every issuance — so agents can cooperate at scale without trading away control.

Delegate a grant, not a keyAudience-bound and short-livedEvery delegation is a receiptRevoke without rotating

Delegate a grant, not a key

One agent authorizes another by minting a scoped grant — audience, tools, files, and TTL all fixed — instead of sharing a credential. The delegate acts under exactly the authority it was given and nothing more.

Audience-bound and short-lived

A grant names who may use it and expires on a TTL, so a delegated authority can't be replayed against a different agent or reused after the task. Delegation is a lease, not a handover.

Every delegation is a receipt

The act of delegating and the delegate's actions are both Ed25519-signed. You can prove who delegated what authority to whom, when, and what the delegate did with it.

Revoke without rotating

Because each delegation is its own grant, revoking one delegate's authority is a single action — no shared secret to rotate, no other agent disrupted.

side-by-side

Shared-key delegation vs. scoped grants.

dimension
shared key
a2a grant
delegation
Share an API key and hope the other agent behaves.
Mint a scoped grant bound to audience, tools, and TTL.
reuse
A shared key works anywhere, forever, for anyone.
A grant works for one audience, one scope, until it expires.
proof
No record of who authorized whom.
Signed receipts for the delegation and the delegate's actions.
revocation
Rotate the shared key and redeploy everyone who held it.
Revoke one grant; nothing else is touched.
questions

Frequently asked.

What is agent-to-agent delegation?

Agent-to-agent delegation is one agent authorizing another to act on its behalf — for example a planner asking a specialist to run a tool or read a file. Done with shared API keys it's a security problem: the delegate gets broad, permanent, transferable access. On a2a cloud delegation is done with scoped grants — audience-bound, TTL-limited, tool- and file-scoped — so the delegate receives exactly the authority the task needs and no more.

How is delegating a grant safer than sharing a credential?

A shared credential is broad, long-lived, and works for anyone who holds it — delegating it means copying full access with no expiry and no record. A grant is the opposite: it's scoped to specific tools and files, bound to a named audience so it can't be replayed against another agent, and expires on a short TTL. It's a lease on a slice of authority rather than a handover of the keys, and every issuance is signed.

Does this relate to the A2A protocol?

Yes. Agent-to-agent (A2A) delegation is the authority layer of the broader Agent2Agent protocol — agents discover each other by capability and then call each other under explicit, scoped grants. a2a cloud hosts that layer: agent cards for discovery, signed grants for delegation, and receipts for proof, so protocol-level agent collaboration is governed rather than trust-on-faith.

keep reading

Related guides.

All guides live in the guides index.

don't trust the agent

Let agents authorize each other — provably.

a2a cloud deploys any agent — LangGraph, OpenAI Agents SDK, CrewAI, or custom — with scoped grants for delegation, an isolated Postgres database, an MCP server, an API, and an Ed25519-signed receipt for every run and every handoff. Agents delegate authority, not keys, and you keep the proof.