Token enforcement communication protocol
Token enforcement communication protocol
Bot and fraud detection engines protecting websites or the website infrastructure itself must enforce the presence of the right kind of KYA token in incoming requests depending on the scenario. When the expected token type is missing or invalid, we’ve established a communication protocol to inform the agent operator how to solve the problem. This dynamic feedback will help with protocol adoption and authenticated access from AI agents. As described in the KYA specifications, there are 3 types of token that include different sets of claims, which can be used to complete different types of action.
By default the agent and the platform running the agent should always be clearly identified under the apd.name or apd.id and aid.name claims. When not present, the agent cannot be clearly identified and an error should be returned to the agent indicating the problem.
The table below provides an overview on the type of token needed to complete various transactions and the types of claims that are expected to be present in the token to complete the transaction or provide access to the resource.
|
Use case |
Information required by the site |
Min. token type required |
|---|---|---|
|
Basic registration |
Email address |
|
|
Advanced registration |
Email address First and last name Date of birth Phone number |
|
|
Login |
Email address Oauth token |
|
|
Browsing, information gathering |
Email address (optional) |
|
|
Checkout |
Email address First and last name Date of birth billing/shipping address Payment credentials |
|