Beta Early access — you're seeing this before public launch. Browse our books See terms of early access

AP2 Intent Mandate

Create an AP2 intent mandate with ECDSA signature for autonomous agent purchasing.

AP2 intermediate 15 minutes
View on GitHub

AP2 Intent Mandate

An intent mandate is a cryptographically signed authorization that allows an AI agent to act on behalf of a user within defined constraints. This example shows the complete flow from mandate creation to verification.

Step 1: Create the Mandate

const mandatePayload = {
  type: 'intent',
  user_id: 'user_123',
  agent_id: 'agent_456',
  constraints: {
    max_amount: 100.00,
    currency: 'USD',
    categories: ['electronics', 'books'],
    expires_at: new Date(Date.now() + 3600000).toISOString(),
  },
};

const response = await fetch('https://api.soft.house/ap2/intent-mandates', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${apiKey}`,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify(mandatePayload),
});

const mandate = await response.json();
console.log(`Mandate ID: ${mandate.id}`);
console.log(`Signature: ${mandate.classical_signature}`);

Step 2: Agent Uses the Mandate

// The agent references the mandate when making purchases
const purchaseResponse = await fetch('https://api.soft.house/ap2/autonomous-wish', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${agentApiKey}`,
    'Content-Type': 'application/json',
    'X-Mandate-ID': mandate.id,
  },
  body: JSON.stringify({
    title: 'USB-C Hub for laptop',
    budget: { max: 50.00 },
  }),
});

Step 3: Verify the Mandate

// Server-side verification (both classical + quantum signatures must pass)
const verifyResponse = await fetch(
  `https://api.soft.house/ap2/intent-mandates/${mandate.id}/verify`,
  {
    method: 'POST',
    headers: {
      'Authorization': `Bearer ${apiKey}`,
      'Content-Type': 'application/json',
    },
  }
);

const result = await verifyResponse.json();
console.log(`Classical valid: ${result.classical_valid}`);
console.log(`Quantum valid: ${result.quantum_valid}`);
console.log(`Overall: ${result.valid}`);

Response

{
  "id": "mandate_xyz789",
  "type": "intent",
  "status": "active",
  "classical_signature": "MEUCIQDk3...",
  "quantum_signature": "ML-DSA-65:abc...",
  "constraints": {
    "max_amount": 100.00,
    "currency": "USD",
    "spent_amount": 0.00,
    "remaining": 100.00
  },
  "created_at": "2026-03-03T12:00:00Z",
  "expires_at": "2026-03-03T13:00:00Z"
}

Key Concepts

  • Hybrid Signatures: Every mandate carries both ECDSA (classical) and ML-DSA-65 (quantum-safe) signatures
  • Spending Limits: The max_amount constraint limits total agent spending under this mandate
  • Category Restrictions: Agents can only purchase items in allowed categories
  • Expiration: Mandates automatically expire after the specified time