🛡️ The trust layer for AI agents

One-click delegated access for AI agents.

When an agent needs access, TapAuth gives the user a clean approval link. They see what is requested, choose how long it lasts, and the agent gets only what they approved.

Get Started — Free View Documentation →

Add TapAuth to your agent

One command. Your agent can request delegated access immediately.

Claude Code / Cursor / Codex

npx skills add tapauth/skill

OpenClaw

clawhub install tapauth

Works with any agent that supports Agent Skills.

Integrations

Connect your agent to the tools you already use.

Google, GitHub, Linear, Slack, Notion, Vercel, Asana, Sentry, Discord, Apify, Jira, and access requests for tools without OAuth — all live today. Every grant is explicit and time-limited, so your agent only gets what the user approved.

Google Calendar✓ Live

Slack✓ Live

Notion✓ Live

Asana✓ Live

Discord✓ Live

Google Drive✓ Live

GmailComing Soon

Google ContactsComing Soon

+ More comingRequest a provider

How It Works

Request. Approve. Get back to work.

Agent asks for access

Your agent describes what it needs. TapAuth returns an approval link built for the person who owns that access.

POST /api/v1/grants

{

"provider": "google",

"scopes": ["calendar.readonly"]

}

→

User approves in one click

The user sees the request in plain language, chooses an expiry, and approves only what makes sense.

TapAuth

"MyAgent" wants to read your Google Calendar

⏱ Expires: 7 days

Approve

→

Agent receives delegated access

Your agent gets the approved access through TapAuth, without asking the user to paste credentials into a chat or config file.

GET /api/v1/grants/{id}

Authorization: Bearer gs_xK9m...

→

approved access

Try It

Ship in 5 minutes. Seriously.

No SDK. No npm install. Just curl — or one CLI command.

Terminal

# 1. Request Google Calendar access for your agent
curl -X POST https://tapauth.ai/api/v1/grants \
  -H "Content-Type: application/json" \
  -d '{
    "provider": "google",
    "scopes": ["calendar.readonly", "calendar.events"]
  }'

# Response:
# {
#   "grant_id": "grant_abc123",
#   "grant_secret": "gs_xK9m...",
#   "approval_url": "https://tapauth.ai/approve/abc123",
#   "status": "pending_registration"
# }

# 2. Send the approval_url to your user. They tap it.

# 3. Get the token with Bearer auth (poll until approved)
curl https://tapauth.ai/api/v1/grants/grant_abc123 \
  -H "Authorization: Bearer gs_xK9m..."

# Response:
# {
# ya29.a0AfH6SM...

# 4. Use the token directly with Google Calendar API
curl https://www.googleapis.com/calendar/v3/calendars/\
  primary/events?maxResults=10 \
  -H "Authorization: Bearer ya29.a0AfH6SM..."

Security

Security isn't a feature. It's the architecture.

TapAuth turns access into a clear user decision. Every grant is explicit, time-boxed, and tied to the agent that requested it.

🔒

No credential handoffs

Users approve access through TapAuth instead of pasting passwords, API keys, or OAuth tokens into chat.

⏱

User-controlled expiry

Users choose how long a grant lasts: short-lived for quick tasks, longer for trusted workflows.

🔄

Transparent refresh

Access tokens are refreshed automatically behind the scenes. Your agent always gets a valid token. Zero refresh logic needed.

📋

Explicit request context

Every grant shows who is asking, what they need, and how long it will last before the user approves.

🎯

Least privilege scoping

Our scope vocabulary maps to the minimum OAuth scopes needed. "Calendar read" means calendar.readonly — nothing more. Agents can't escalate beyond what the user approved.

🛡️

Grant-secret authentication

Each grant gets a unique grant_secret shown once at creation. Only the agent that created the grant can retrieve its token.

Give your agent access without handing it a pile of credentials.

One-click approvals, time-limited access, clear request context, and provider-token controls when the work is done. Set up in under 5 minutes.

Get Started — Free →