AP2 Intent Mandate
An intent mandate is a cryptographically signed authorization that allows an AI agent to act on behalf of a user within defined constraints. This example shows the complete flow from mandate creation to verification.
Step 1: Create the Mandate
const mandatePayload = {
type: 'intent',
user_id: 'user_123',
agent_id: 'agent_456',
constraints: {
max_amount: 100.00,
currency: 'USD',
categories: ['electronics', 'books'],
expires_at: new Date(Date.now() + 3600000).toISOString(),
},
};
const response = await fetch('https://api.soft.house/ap2/intent-mandates', {
method: 'POST',
headers: {
'Authorization': `Bearer ${apiKey}`,
'Content-Type': 'application/json',
},
body: JSON.stringify(mandatePayload),
});
const mandate = await response.json();
console.log(`Mandate ID: ${mandate.id}`);
console.log(`Signature: ${mandate.classical_signature}`);
Step 2: Agent Uses the Mandate
// The agent references the mandate when making purchases
const purchaseResponse = await fetch('https://api.soft.house/ap2/autonomous-wish', {
method: 'POST',
headers: {
'Authorization': `Bearer ${agentApiKey}`,
'Content-Type': 'application/json',
'X-Mandate-ID': mandate.id,
},
body: JSON.stringify({
title: 'USB-C Hub for laptop',
budget: { max: 50.00 },
}),
});
Step 3: Verify the Mandate
// Server-side verification (both classical + quantum signatures must pass)
const verifyResponse = await fetch(
`https://api.soft.house/ap2/intent-mandates/${mandate.id}/verify`,
{
method: 'POST',
headers: {
'Authorization': `Bearer ${apiKey}`,
'Content-Type': 'application/json',
},
}
);
const result = await verifyResponse.json();
console.log(`Classical valid: ${result.classical_valid}`);
console.log(`Quantum valid: ${result.quantum_valid}`);
console.log(`Overall: ${result.valid}`);
Response
{
"id": "mandate_xyz789",
"type": "intent",
"status": "active",
"classical_signature": "MEUCIQDk3...",
"quantum_signature": "ML-DSA-65:abc...",
"constraints": {
"max_amount": 100.00,
"currency": "USD",
"spent_amount": 0.00,
"remaining": 100.00
},
"created_at": "2026-03-03T12:00:00Z",
"expires_at": "2026-03-03T13:00:00Z"
}
Key Concepts
- Hybrid Signatures: Every mandate carries both ECDSA (classical) and ML-DSA-65 (quantum-safe) signatures
- Spending Limits: The
max_amountconstraint limits total agent spending under this mandate - Category Restrictions: Agents can only purchase items in allowed categories
- Expiration: Mandates automatically expire after the specified time