Forem: All For Science

Add cryptographic authorization to AI agents in 5 minutes

All For Science — Thu, 23 Apr 2026 02:52:37 +0000

You have AI agents calling each other. You're using API keys or mTLS. You're worried it's not enough.

API keys authenticate. They don't authorize. They don't scope. They don't audit delegation chains.

Here's how to add all four in under 5 minutes using Codios — an A2A security layer built on signed capability contracts.

What you'll build

Two agents with cryptographic identities (Ed25519 keypairs)
A signed contract granting specific permissions
A protected API endpoint that verifies contracts offline
Full audit logs of every authorization decision

Time: ~5 minutes

What you need: Node.js and a Codios account (free at codios.midlantics.com)

Step 1: Install the SDK

npm install @codios/sdk

Step 2: Generate keypairs using the CLI (easiest)

The Codios CLI can generate a keypair and save it to your .env file automatically:

bash
codios keygen --save .env

This appends CODIOS_PUBLIC_KEY and CODIOS_PRIVATE_KEY to your .env file.

To generate manually in TypeScript:

import { generateAgentKeyPair } from "@codios/sdk"

const agent = await generateAgentKeyPair()
console.log("DID:", agent.did)
console.log("Public key:", agent.publicKey)
console.log("Private key:", agent.privateKey) // Save this securely

Step 3: Register your agent in the dashboard

Log into the Codios dashboard

Go to the Agents tab
Click Register agent
Enter a name (e.g., "billing-agent")
Optional: Add capabilities (e.g., transfer, quote)
Leave Public key blank — Codios generates a keypair for you
Click Register Important: The private key is shown once. Copy and store it immediately. It cannot be recovered.

Alternative using CLI:

codios register --name billing-agent --public-key $CODIOS_PUBLIC_KEY

Step 4: Issue a contract using the 4-step wizard

Go to the Contracts tab in the dashboard
Click Connect agents
Issuer — Select the agent that will make requests (or choose Codios Platform to have Codios sign on your behalf)
Targets — Select one or more agents that will receive requests (each gets its own independent contract)
Permissions — Define allowed actions (e.g., transfer ). Set duration (1h / 1d / 7d / 30d) and optional max calls
Review — Confirm the flow, then click Issue contract After issuance, each target's contract token is shown. Copy each token — you'll pass it as the X-Codios-Contract header.

Contract status: active → expired (TTL elapsed) or revoked (manually revoked)

Step 5: Protect your service with middleware

import express from "express"
import { codiosGuard } from "@codios/sdk"

const app = express()

app.post(
  "/transfer",
  codiosGuard({
    action:      "transfer",     // Must match contract's allowed action
    publicKey:   process.env.SERVICE_AGENT_PUBLIC_KEY,
    gatewayUrl:  "https://codios-api.midlantics.com",
  }),
  (req, res) => {
    // Only reaches here if the contract is valid
    res.json({ ok: true })
  }
)

app.listen(3000)

Step 6: Call the protected service

const response = await fetch("http://localhost:3000/transfer", {
  method: "POST",
  headers: {
    "Content-Type":      "application/json",
    "X-Codios-Contract": contractToken,  // The token from Step 4
  },
  body: JSON.stringify({ amount: 100 }),
})

What happens on every request

Step	Time
Verify Ed25519 signature (offline)	~0ms
Check expiry, actions, max_calls	~0ms
Nonce check (Redis SET NX)	~1ms
Async audit log write	Non-blocking

Total overhead: 1-2ms

If a contract is expired, out of calls, or already used → HTTP 403 or 409.

Dashboard features you'll use

Tab	What it does
Overview	Stats: registered agents, active contracts, audit entries (24h), denied requests
Agents	Register agents, view DID/public key, see heartbeat status (green/yellow/red)
Contracts	Issue contracts via wizard, revoke, check status
Audit Log	Filter by outcome, action, agent. Retention: Free=7d, Starter=30d, Pro=90d
Threat Detection (Pro)	Scans for off-hours access, action bursts, unknown agents, repeated denials
Alert Rules (Starter+)	Email on denial spikes, rate limit exceeded, agent inactive
API Keys	Create codios_sk_... keys for backend services

Next steps

Add heartbeat – Have your agent call POST /agents/{id}/heartbeat every minute to keep status green
Set up alert rules – Get email notifications when something goes wrong
Review the audit log – See every allow/deny decision
Try the Python SDK – FastAPI middleware also available

Get your API key: codios.midlantics.com

Full documentation: codios.midlantics.com/docs

Why this matters

API keys were designed for humans. AI agents are different — autonomous, fast, and chained.

Codios gives you the security model agents actually need, without adding latency to your hot path.

An agent called my payment API 50,000 times in 90 seconds. Here's what broke.

All For Science — Thu, 23 Apr 2026 01:28:58 +0000

It was 2:47 AM on a Tuesday.

My phone lit up with 47 alerts in under a minute.

"Payment endpoint: rate limit exceeded"
"Payment endpoint: 429 errors"
"Payment endpoint: CPU 98%"

I opened the logs. What I saw made my stomach drop.

Agent payments-batch-23a7 had called the /transfer endpoint 50,342 times in 90 seconds.

Each call succeeded.

Each call moved money.

And the API key? It worked perfectly. Authenticated every single request.

How we got here

Three months earlier, we had built a multi-agent payment system.

Agent A (orchestrator) received a customer request
Agent B (risk check) validated the transaction
Agent C (payment executor) called Stripe
Agent D (notification) sent confirmations

We secured it the way everyone does: API keys.

Each agent had a key. Each service validated the key. Simple. Familiar. We shipped fast.

We thought we were done.

The root cause

The 2:47 AM incident wasn't a hack. No external attacker.

It was a bug.

Agent B (risk check) entered an error loop. Every time it failed to validate, it retried. Every retry created a new payment request. The orchestrator saw each request as legitimate — because the API key was valid.

The key told us who was calling. It told us nothing about how many times or under what conditions.

Our rate limits were at the human level: 1000 requests per minute per key. Agent B's error loop generated 50k requests in 90 seconds — well under the per-minute limit because the loop was distributed across multiple instances.

We had no per-agent counters. No per-action limits. No circuit breakers at the agent level.

What we tried first

Fix #1: Stricter rate limits

We dropped the limit to 100 requests per minute per key.

Three hours later, a legitimate batch job failed. Customers complained. We reverted.

Fix #2: Manual approval for payments

Every transfer needed a human to click "approve" in a dashboard.

Agents are supposed to be autonomous. This defeated the entire point. Agents waited minutes for human clicks. Throughput collapsed.

Fix #3: Hardcoded agent IDs

We embedded agent IDs into the payment service logic.

Works until you add a new agent type. Then you modify code. Then you test. Then you deploy. Then you pray.

We added four new agent types in two weeks. The hardcoded approach became unmaintainable overnight.

What actually worked

We realized we needed four things that API keys don't provide:

Per-agent counters — Agent B can call transfer 100 times. Then it's blocked.
Per-action limits — Risk check can call "validate" 10k times but "transfer" only 100 times.
Time-bound permissions — A batch agent only works between 2-4 AM. Outside that window, calls are rejected.
Delegation tracing — When Agent C calls Stripe, we need to know the full chain (A → B → C), not just C.

We built all four into a system we called Codios.

How Codios changed our 2:47 AM problem

Here's what happens now when an agent calls our payment endpoint:

Before (API keys):

Check key → valid → execute → money moves → audit log shows "Agent C called /transfer"

After (Codios):

Agent carries a signed capability contract
The contract says: "Agent B can call /transfer 100 times, expires in 1 hour"
The payment service verifies the signature offline (~0ms)
Checks the counter — if 100 reached, reject
Checks expiry — if outside window, reject
Consumes a nonce to prevent replay
Writes to audit log with full delegation chain
Then executes the transfer

When Agent B's error loop happened again three weeks later:

Call #101 hit the contract limit. Rejected. No money moved. My phone didn't ring at 2:47 AM.

What we learned

API keys are not enough for agents.

Not because API keys are bad. Because they solve the wrong problem. Authentication is table stakes. Authorization — with scope, limits, and time — is what agents actually need.

Build for failure loops, not just happy paths.

We designed security for the "agent works correctly" case. We forgot the "agent breaks and calls the same endpoint 50k times" case. That's where all the risk lives.

Delegation chains need full visibility.

When something fails three agents deep, you need to know the whole path. Partial logs are worse than no logs — they send you down the wrong debugging path.

Where we are now

Codios runs in production across our payment, risk, and notification agents.

Average enforcement overhead: 1.8ms
False positives from rate limits: 0 since deployment
Unauthorized calls blocked: 127,000+ (mostly from error loops like the one above)
2:47 AM phone calls: 0

If you're building agent systems

Codios is open for teams who want to skip the pain.

→ codios.midlantics.com

Or just reply here. Happy to share more war stories about what broke — and what finally worked.

An agent called my payment API 50,000 times in 90 seconds. Here's what broke.

All For Science — Thu, 23 Apr 2026 01:22:41 +0000

It was 2:47 AM on a Tuesday.

My phone lit up with 47 alerts in under a minute.

"Payment endpoint: rate limit exceeded"
"Payment endpoint: 429 errors"
"Payment endpoint: CPU 98%"

I opened the logs. What I saw made my stomach drop.

Agent payments-batch-23a7 had called the /transfer endpoint 50,342 times in 90 seconds.

Each call succeeded.

Each call moved money.

And the API key? It worked perfectly. Authenticated every single request.

How we got here

Three months earlier, we had built a multi-agent payment system.

Agent A (orchestrator) received a customer request
Agent B (risk check) validated the transaction
Agent C (payment executor) called Stripe
Agent D (notification) sent confirmations

We secured it the way everyone does: API keys.

Each agent had a key. Each service validated the key. Simple. Familiar. We shipped fast.

We thought we were done.

The root cause

The 2:47 AM incident wasn't a hack. No external attacker.

It was a bug.

The key told us who was calling. It told us nothing about how many times or under what conditions.

We had no per-agent counters. No per-action limits. No circuit breakers at the agent level.

What we tried first

Fix #1: Stricter rate limits

We dropped the limit to 100 requests per minute per key.

Three hours later, a legitimate batch job failed. Customers complained. We reverted.

Fix #2: Manual approval for payments

Every transfer needed a human to click "approve" in a dashboard.

Agents are supposed to be autonomous. This defeated the entire point. Agents waited minutes for human clicks. Throughput collapsed.

Fix #3: Hardcoded agent IDs

We embedded agent IDs into the payment service logic.

Works until you add a new agent type. Then you modify code. Then you test. Then you deploy. Then you pray.

We added four new agent types in two weeks. The hardcoded approach became unmaintainable overnight.

What actually worked

We realized we needed four things that API keys don't provide:

Per-agent counters — Agent B can call transfer 100 times. Then it's blocked.
Per-action limits — Risk check can call "validate" 10k times but "transfer" only 100 times.
Time-bound permissions — A batch agent only works between 2-4 AM. Outside that window, calls are rejected.
Delegation tracing — When Agent C calls Stripe, we need to know the full chain (A → B → C), not just C.

We built all four into a system we called Codios.

How Codios changed our 2:47 AM problem

Here's what happens now when an agent calls our payment endpoint:

Before (API keys):

Check key → valid → execute → money moves → audit log shows "Agent C called /transfer"

After (Codios):

Agent carries a signed capability contract
The contract says: "Agent B can call /transfer 100 times, expires in 1 hour"
The payment service verifies the signature offline (~0ms)
Checks the counter — if 100 reached, reject
Checks expiry — if outside window, reject
Consumes a nonce to prevent replay
Writes to audit log with full delegation chain
Then executes the transfer

When Agent B's error loop happened again three weeks later:

Call #101 hit the contract limit. Rejected. No money moved. My phone didn't ring at 2:47 AM.

What we learned

API keys are not enough for agents.

Not because API keys are bad. Because they solve the wrong problem. Authentication is table stakes. Authorization — with scope, limits, and time — is what agents actually need.

Build for failure loops, not just happy paths.

We designed security for the "agent works correctly" case. We forgot the "agent breaks and calls the same endpoint 50k times" case. That's where all the risk lives.

Delegation chains need full visibility.

When something fails three agents deep, you need to know the whole path. Partial logs are worse than no logs — they send you down the wrong debugging path.

Where we are now

Codios runs in production across our payment, risk, and notification agents.

Average enforcement overhead: 1.8ms
False positives from rate limits: 0 since deployment
Unauthorized calls blocked: 127,000+ (mostly from error loops like the one above)
2:47 AM phone calls: 0

If you're building agent systems

You don't have to build this yourself. It took us three months and two production incidents to get it right.

Codios is open for teams who want to skip the pain.

→ codios.midlantics.com

Or just reply here. Happy to share more war stories about what broke — and what finally worked.

API keys were designed for humans. AI agents break them in 4 ways.

All For Science — Wed, 22 Apr 2026 22:40:06 +0000

You're building multi-agent AI systems. Agent A calls Agent B. Agent B calls Agent C.

Every one of those calls is an API request protected by... what?

API keys? mTLS? Good luck.

Here's what happens when you use human security for autonomous agents.

The four ways agents break API security

1. No human approval loop

A compromised human API key triggers alarms when 10,000 requests happen at 3am. A compromised agent can make 10,000 requests in 3 minutes. By the time you notice, the damage is done.

2. Machine speed

Humans make deliberate calls. Agents make thousands per minute. A misconfiguration doesn't slowly leak — it explodes.

3. Delegation chains

Agent A calls Agent B calls Agent C. Your API key travels the whole chain. One compromised link, and everything downstream is exposed.

4. Ephemeral identity

Agents spin up and die constantly. Static API keys don't map to ephemeral processes. Teams end up with one key for "all agents" — a nightmare to rotate or revoke.

What you actually need

Not API keys. Not mTLS alone.

You need:

Identity that's cryptographically verifiable offline
Authorization baked into every call, not checked at the door once
Scope that limits exactly which actions an agent can take
Audit that traces delegation chains, not just individual calls

And you need all of it to add less than 2ms of latency — because agents don't wait.

Figure: The four layers of Codios Midlantics A2A security — Identity, Authorization, Scope, and Audit.

We built this so you don't have to struggle

We built Codios — cryptographic authorization for AI agents.

Ed25519-based identity that verifies in ~0ms
Capability contracts that carry identity, scope, and expiry together
Full audit trails across delegation chains
TypeScript and Python SDKs with Express/FastAPI middleware

It's the authorization layer your multi-agent system is missing.

→ codios.midlantics.com

The bottom line

You can use Codios and ship today.

If you're running AI agents in production and worried about security, let's talk.