Skip to main content
AgentScore Passport is a portable identity credential for buyer-side agents. Verify your identity once (KYC + age + jurisdiction + sanctions) and your Passport works on every AgentScore-gated merchant; wine, regulated commerce, age-restricted services, etc.; without re-verifying per site. The Passport is held by your agent’s wallet on your behalf. Merchants see only the derived facts (verified, 21+, US-Based, Sanctions Clear); never your raw PII (name, address, ID images, DOB).

Two ways to provision a Passport

The fastest path. One command opens a verify URL, polls until you complete KYC in the browser, and saves the credential to your agent’s wallet: 
agentscore-pay passport login
After that, every agentscore-pay <url> call against an AgentScore-gated merchant attaches your credential automatically; no per-call prompting, no “log in first” walls. Tokens are short-lived but pay refreshes them silently in the background, so the user-visible UX is “verify once, six months ago, just keeps working.” 
# Inspect what's saved
agentscore-pay passport status

# Remove the local credential (and revoke remotely if --api-key is set)
agentscore-pay passport logout

# Skip auto-attach for an explicit-anonymous request
agentscore-pay pay POST <url> --skip-passport ...

From the dashboard (browser)

Go to agentscore.sh/dashboard/verify. Sign in (free account). Optionally link a wallet by signing a challenge message; complete identity verification with Stripe Identity (~2 minutes; government ID + selfie). Generate operator credentials manually for agents that don’t auto-provision.

What gets shared

Merchants you transact with see only these derived facts:
FactExample
Verifiedyes
Age bracket21+
JurisdictionUS
Sanctions clearyes
Raw PII (name, address, ID document images, date of birth) is never shared. Identity verification is handled by Stripe Identity; sanctions screening by OpenSanctions against OFAC, UN, EU, UK, and other public watchlists. Both process PII transiently; AgentScore stores only the derived results.
KYC is optional during the wallet-link flow if you’re only using AgentScore for unregulated services. Merchants that gate on KYC will surface a verify prompt when you attempt to transact.

Cold-start bootstrap (no Passport yet)

If you skip passport login and run agentscore-pay <url> against an AgentScore-gated merchant, the merchant returns a 403 with a verify URL. Pay drives the verification inline; prints the URL, waits for you to complete KYC in the browser, then retries the original request automatically. That single shell command becomes: agent → bootstrap 403 → user clicks → verify → settle. Zero per-merchant configuration. The trade-off vs passport login first: bootstrap-minted Passports come from a merchant-initiated session, which doesn’t issue a refresh_token, so they re-verify every 24h when the access token expires. passport login mints a 24h access + 90d refresh pair; pay rotates silently for ~90 days before any user-visible re-verify. Doing passport login once up front gets the better long-term UX.

Multiple wallets, one Passport

Your Passport applies to every wallet you link. Add wallets from the dashboard with the “EVM wallet” or “Solana wallet” button; KYC carries over; you don’t re-verify per wallet. One EVM signature covers all EVM chains (Base, Tempo, etc.); Solana uses its own signature. When you pay from any linked wallet, merchants resolve it to your Passport via POST /v1/assess. Captured wallets; wallets that paid under one of your operator credentials but were never explicitly claimed; also inherit your account’s KYC. The first time you pay from a fresh wallet under a verified Passport, AgentScore captures the wallet → operator mapping; from then on, the wallet resolves like any claimed wallet.

Revoking access

  • Wallet: unlink from the dashboard verify page.
  • Operator credential: agentscore-pay passport logout, DELETE /v1/credentials/:id, or revoke from the dashboard.
  • Verification itself: contact support to delete your verification record.

Operator credentials in detail

Each Passport login mints an operator_token (opc_..., 24h) plus a refresh_token (prt_..., 90d); the access credential is what your agent presents as X-Operator-Token; the refresh credential stays on disk and is single-use rotating. A credential is identity, not verification: it identifies who the operator is, and the underlying account’s KYC determines whether merchants accept it. Access credentials are short-lived and rotated automatically when held by agentscore-pay (the wallet exchanges the refresh_token for a fresh pair the next time it’s used after access expiry); merchants check the live KYC state on each request via POST /v1/assess.
A credential token alone is not verification. If your account hasn’t completed KYC, POST /v1/credentials returns 409 kyc_required. Complete KYC first; every subsequent credential inherits the verified status automatically.

Privacy posture

  • No PII at rest in AgentScore beyond derived facts (verified / age_bracket / jurisdiction / sanctions_status).
  • No merchant-by-merchant disclosure of PII. Merchants see only the derived facts above.
  • Revocable. You can revoke any credential or unlink any wallet at any time.
  • Auditable. Every credential issuance + every merchant assessment is logged on your account.