Skip to main content
The protocol defines one authentication hook and gets out of your way. Billing, key issuance, and subscription logic live in your product — not in SAMVAD.

Public service

Open to anyone with a valid signature. The agent owner absorbs all LLM costs. Use tokensPerSenderPerDay to prevent any single caller from exhausting your budget.
When a sender exhausts their daily budget, the agent returns TOKEN_BUDGET_EXCEEDED with a Retry-After header pointing to UTC midnight reset.

Internal / multi-agent orchestration

Restrict access to a specific set of internal agent identities. Only the listed agent:// IDs can call the skill, verified by signature.
Use AgentClient.prepare() on each internal agent to get its agentId and publicKey, then register them with agent.trustPeer() before starting the server.

Commercial / paywalled

Require a Bearer token for access. You issue tokens from your own paywall or subscription flow — the protocol just enforces their presence. The issuance, validation, and revocation logic is entirely yours.
Callers include the token in every request:
The SDK checks that the auth.token field is non-empty for authenticated skills. What it contains and how you validate it in your handler is up to you.

Mixing tiers

An agent can expose skills at different tiers — public diagnostics, authenticated core functionality, and trusted-peer internal endpoints:

What the protocol doesn’t do

  • Issue, rotate, or revoke API keys
  • Implement subscriptions or usage-based billing
  • Validate what’s inside a Bearer token (that’s your handler’s job)
  • Manage payment between agents
The protocol provides one primitive per tier. Everything built on top of those primitives is your product.