a2a cloud
API keys aren't enough

AI agent authentication that proves who's calling.

A static API key authenticates a string, not an identity — it can't tell whether the user, the agent, or the agent acting for the user made the call. a2a cloud replaces it with short-lived Ed25519-signed tokens and scoped grants: managed authentication on deploy, verifiable caller identity, and least-privilege authorization. No OAuth flows to build, no identity provider to run.

signed tokens · verifiable identity · no ambient trust

0%
auth on deploy
0
OAuth to build
0
static keys required
the problem

A shared key authenticates a secret, not an agent.

Most agent deployments authenticate with a static API key: a bearer string that grants whatever it was provisioned for to whoever holds it. It has no identity, so the runtime can't distinguish the user from the agent from the agent acting on the user's behalf. It has no expiry, so it lingers in env vars and configs until someone rotates it. And building anything better usually means standing up an identity provider and implementing OAuth before your agent serves its first real request.

A static key has no identity — user, agent, and agent-for-user are indistinguishable to the runtime.
Bearer keys don't expire on their own; they linger in configs and logs until manually rotated.
Authentication and authorization collapse into one secret: holding it grants everything.
Doing it properly means integrating an IdP and building OAuth flows before v1 ships.
the a2a way

Managed auth on deploy. Identity, not secrets.

a2a cloud makes authentication a platform primitive. Short-lived signed tokens prove caller identity, scoped grants bound what that identity may do, and it's all on by default from the first deploy.

Authenticated on deployShort-lived signed tokensIdentity, not just a keyAuthentication meets authorizationNo OAuth to buildEvery auth decision is on the receipt

Authenticated on deploy

Your agent's API, MCP, and A2A surfaces come authenticated out of the box. There's no unauthenticated window to close later and no identity provider to stand up before v1 ships.

Short-lived signed tokens

Callers present Ed25519-signed tokens with a bounded lifetime, not a static secret. A token that leaks is worthless minutes later — authentication that expires instead of lingering in a config file.

Identity, not just a key

Every call carries a verifiable caller identity. The runtime knows whether the user, the agent, or the agent acting for the user made the request — a question a shared API key can never answer.

Authentication meets authorization

Proving who you are gets you a scoped grant, not blanket access. The grant binds audience, TTL, and the exact tools and files permitted, so authentication hands off to least-privilege authorization.

No OAuth to build

Token issuance, verification, rotation, and revocation are platform primitives. You don't integrate an IdP, implement OAuth flows, or run a key-management scheme to authenticate callers.

Every auth decision is on the receipt

Each run's Ed25519-signed receipt records the authenticated caller and the grant it acted under. Who was let in, and with what authority, is part of the tamper-evident evidence — not a stray log line.

side-by-side

Static API keys vs. signed-token auth.

dimension
API key auth
a2a cloud
credential
A static API key. Whoever holds the string is 'authenticated' as whatever it was provisioned for.
A short-lived Ed25519-signed token that proves identity and expires by TTL.
identity
A shared key has no notion of who is calling — user, agent, or agent-for-user are indistinguishable.
Every call carries a verifiable caller identity the runtime can attribute.
authorization
Authentication and authorization collapse into one key: proving you hold it grants everything.
Authentication yields a scoped grant — audience, TTL, and explicit tool and file scope.
building it
Stand up an IdP, implement OAuth, and run token rotation and revocation yourself.
Managed auth on deploy — issuance, verification, and rotation are platform primitives.
evidence
Who authenticated and under what authority rarely makes it into a durable, provable record.
The signed receipt records the authenticated caller and the grant it acted under.
questions

Frequently asked.

How does AI agent authentication work on a2a cloud?

Callers authenticate with short-lived Ed25519-signed tokens rather than static API keys. Every call carries a verifiable caller identity, and proving that identity yields a scoped grant that binds an audience, a TTL, and the exact tools and files permitted. Authentication is on by default across your agent's API, MCP, and A2A surfaces from the first deploy.

Why aren't API keys enough to authenticate an agent?

A static API key is a bearer secret with no identity and no expiry: whoever holds the string is treated as authenticated, with whatever access it was provisioned for, until it's rotated. It can't tell whether the user, the agent, or the agent acting for the user is calling. Short-lived signed tokens plus scoped grants give you verifiable identity, a bounded lifetime, and least-privilege authorization instead.

Do I have to build OAuth or run an identity provider?

No. Token issuance, verification, rotation, and revocation are platform primitives on a2a cloud. Your agent's endpoints are authenticated on deploy without you integrating an IdP, implementing OAuth flows, or maintaining a key-management scheme — managed auth is part of the deploy, not a separate project.

What's the difference between authentication and scoped grants here?

Authentication proves who a caller is; a scoped grant defines what they may do. On a2a cloud they compose: presenting a valid signed token authenticates the caller, and the caller receives a grant bound to an audience, a TTL, and an explicit tool and file scope. You get verified identity handing off to least-privilege authorization, with no ambient trust.

Can I prove which caller was authenticated for an action?

Yes. Every run produces an Ed25519-signed, hash-chained receipt that records the authenticated caller and the scoped grant the action ran under. Who was authenticated, and with what authority, is part of tamper-evident evidence an auditor can verify independently — not a log line you have to trust.

keep reading

Related guides.

All guides live in the guides index.

prove the caller, scope the authority

Authenticate agents the right way.

a2a cloud deploys any agent with managed authentication built in — short-lived Ed25519-signed tokens for verifiable caller identity and scoped grants for least-privilege authorization. No OAuth flows, no identity provider to run. Every run is signed and records the caller and grant it acted under. One deploy, authenticated and provable.