ADI
Contact us
ADI Blog Agent integration 4 min read

Three ways to connect an external agent to the ADI trust layer

An external agent does not need to run inside ADI to be governed by ADI. The practical question is how the relying system authenticates that agent and when it asks ADI for trust, delegation, and certificate state.

Authentication and trust are separate concerns: a token proves transport-level identity, while ADI proves delegated authority.

Most teams should start with agent token or API key plus ADI trust lookup, then add OIDC or signed delegation only when the relying system truly needs it.

The same trust profile can describe all three integration modes without pretending that every relying party must use the same auth stack.

The architectural split that matters

The external agent can live anywhere: your own cloud, the customer network, or a partner-hosted runtime. ADI does not have to execute the agent to govern it.

The relying system has two separate jobs. First it must authenticate the caller technically. Then it must ask ADI whether that authenticated agent is allowed to act for this owner, in this scope, under this trust level.

Authentication answers: is this request technically authentic?

ADI trust answers: who is this agent, for whom may it act, and what is currently allowed?

Mode 1: Agent token or API key plus trust lookup

This is the most direct pattern for internal systems or fast enterprise integrations. The external agent authenticates with an agent token or API key, and the relying system immediately asks ADI for the live trust state before executing the action.

Best for internal owner systems and private tools

No OIDC federation required

ADI remains the source of truth for permissions, limits, and revocation

Standard mode sequence

The relying system trusts its own runtime authentication and then asks ADI for the binding, policy, and certificate state.

sequenceDiagram
    participant A as External Agent
    participant S as Owner Internal System
    participant T as ADI Trust Layer

    A->>S: Request + agent_token or API key
    S->>T: Read trust profile and verification state
    T-->>S: Identity, ownership, delegation, certificate state
    alt Policy allows action
        S-->>A: Access granted
    else Policy blocks action
        S-->>A: Access denied
    end

Mode 2: OIDC plus trust lookup

Some enterprise systems already require OIDC at the gateway or application boundary. In that case ADI can provision a standard Keycloak confidential client for the agent, the agent can fetch an OAuth2 client_credentials token, and the relying party can validate that token through standard discovery and JWKS.

OIDC still does not replace ADI. It covers the transport-side authentication step, while ADI remains the source of truth for delegation, ownership, certificate state, and revocation.

Best for enterprise IAM landscapes

Uses standard OIDC discovery, JWKS validation, and OAuth2 client_credentials

ADI remains mandatory for delegated authority checks

Enterprise mode sequence

OIDC validates the access token, but the final authorization decision still depends on the ADI trust lookup.

sequenceDiagram
    participant A as External Agent
    participant I as ADI Keycloak or Enterprise Gateway
    participant S as Enterprise System
    participant T as ADI Trust Layer

    A->>I: Request client_credentials token
    I-->>A: Access token
    A->>S: Request + OIDC token
    S->>S: Validate token locally or at gateway
    S->>T: Resolve agent trust and delegation
    T-->>S: Trust decision
    S-->>A: Access granted or denied

Mode 3: Signed delegation credential plus trust lookup

For higher-trust actions such as sensitive purchases, payment approvals, or regulated delegations, the agent can present a signed delegation credential or a signed request envelope. The relying system validates the signature and then checks the backing certificate and delegation state against ADI.

Best for regulated or high-value actions

Needs relying-party signature validation

Becomes strongest after human identification and AdES or QES issuance

High-trust mode sequence

Cryptographic proof strengthens the request, but ADI still supplies live status, revocation, and delegation truth.

sequenceDiagram
    participant A as External Agent
    participant S as Relying System
    participant T as ADI Trust Layer

    A->>S: Signed request + delegation credential
    S->>S: Verify signature or credential envelope
    S->>T: Check certificate binding, delegation, and revocation state
    T-->>S: Trust result
    alt Trust and policy both valid
        S-->>A: Action executed
    else Trust invalid or revoked
        S-->>A: Action denied
    end

How to choose without overengineering

Most teams should begin with the standard mode and only move upward when the relying system or compliance context truly demands it. The mistake is not starting simple. The mistake is collapsing authentication and trust into one ambiguous mechanism.

Standard first for speed and control

OIDC when enterprise infrastructure already expects it

Signed delegation when the action itself needs stronger proof

Decision map

Start with the simplest mode that satisfies the relying system and the accountability level of the action.

flowchart TD
    start["External agent wants to act"] --> q1["Does the relying system already require OIDC?"]
    q1 -->|No| standard["Use agent token or API key + ADI trust lookup"]
    q1 -->|Yes| oidc["Use OIDC + ADI trust lookup"]
    standard --> q2["Is cryptographic non-repudiation required?"]
    oidc --> q2
    q2 -->|No| done["Live trust decision from ADI is enough"]
    q2 -->|Yes| signed["Add signed delegation credential + ADI trust lookup"]

CONTINUE READING

More articles from the technical reading layer.

OPEN AGENT TRUST Agent interoperability

How external agents verify an ADI merchant agent

A buyer agent does not have to live inside ADI to trust an ADI merchant agent. It needs public discovery, a resolvable agent identity, signed credentials, and a clear payment mandate path. This article shows how those pieces fit together.

A2A discovery makes the merchant agent reachable.

ADI trust discovery makes the merchant agent accountable.

Read article
MERCHANT TRUST Agent commerce

How the merchant trust catalog works

A merchant agent can sell from the merchant shop, but ADI needs an independent trust reference for what that agent is allowed to sell. The merchant catalog in ADI is that reference: a canonical product whitelist used to validate agent commerce before money moves.

The shop catalog runs the business.

The ADI catalog proves what the merchant approved.

Read article
AP2 VALIDATION Agent commerce

How ADI validates what a merchant agent sells

A merchant agent can describe an offer, but ADI should not pay from description alone. ADI validates the AP2 mandates, the merchant organization, the product SKU, the trusted catalog entry, the buyer wallet, and the virtual-card policy before the transaction becomes authorized.

Conversation creates intent.

AP2 creates structured mandates.

Read article
INTEGRATIONS Agent commerce

Why shop integrations are trust inputs, not the trust layer

Shopify, WooCommerce, CSV, custom APIs, and marketplace connectors help ADI import merchant product state. They are not the trust layer by themselves. The trust layer begins when ADI normalizes that product state, binds it to a merchant organization, and uses it in mandate and payment checks.

Integration is ingestion.

Catalog governance is trust.

Read article
TRUST FOUNDATIONS Agent trust

Why agents need a trust layer

An API token only tells you whether a request is authenticated. A trust layer tells you which agent is acting, on whose behalf, which proofs are valid, and whether that agent can be stopped.

When OAuth stops being enough

Which questions a trust layer must answer

Read article
ARCHITECTURE System architecture

Separating A2A, trust, and AP2

The key architectural principle is separating the layers. A2A is communication. Trust is governance. AP2 is payment behavior.

What A2A actually standardizes

When trust is additionally required

Read article
PRODUCT ADI stack

How ADI works as an agent trust stack

ADI is not a single interface. It is an operational layer that connects discovery, identity, trust, and payment flows for agentic systems.

The platform’s four layers

Where A2A, MCP, and AP2 meet

Read article
A2A EXPLAINED A2A fundamentals

What A2A is and what it is not

A2A gives agents a shared way to describe themselves, exchange messages, and execute tasks. It does not automatically solve identity binding, delegated authority, auditability, or payment control.

A2A standardizes discovery, messages, tasks, and declared security capabilities.

A2A does not by itself answer who the agent represents or what it is permitted to do.

Read article
AP2 FOUNDATIONS AP2 payments

What AP2 solves for agent commerce

AP2 gives agent commerce a structured model for intent, cart, payment authorization, and receipts. Without that model, every agent-payment integration invents its own fragile semantics.

AP2 introduces a common vocabulary for agent payment flows.

Mandates separate scope, intent, and final payment authorization.

Read article
TRUST FOUNDATIONS Agent trust

What agent trust actually means

Agent trust is not a brand claim. It is the operational ability to prove who an agent is, on whose behalf it acts, what it is allowed to do, and how that authority can be revoked or audited.

Trust begins where authentication alone stops.

A real trust layer must support revocation, inspection, and evidence.

Read article
PRODUCT EXPLAINER ADI stack

What ADI does in an agent stack

ADI is the trust and control layer that sits between agent interoperability and real business action. It helps organizations let agents act without treating those agents like ungoverned black boxes.

ADI is where governance enters the agent stack.

The platform connects external agents, enterprise controls, and transaction policies.

Read article
SIGNATURES AND SEALS Trust services

Human signatures vs organization eSeals

A human signature proves the will or approval of a natural person. An organization eSeal proves that a trust object was issued or sealed by a legal entity. In enterprise agent systems, those are different jobs and they should not be collapsed into one.

Human signatures answer: who personally approved this?

Organization eSeals answer: which legal entity issued or stands behind this artifact?

Read article