← Back to Blog

We Added /llms.txt So AI Agents Can Find Us Without a Search Engine

Jonah Schwartz·

Here's a question we keep coming back to: if an AI agent needs to broker OAuth tokens, how does it find out that TapAuth exists — and more importantly, how does it figure out what TapAuth does and how to use it?

Right now, the answer is: a human tells it. A developer reads our docs, writes a prompt that references TapAuth, and the agent follows instructions. That works, but it doesn't scale. As the agent ecosystem grows, agents need to discover tools on their own.

That's why we just shipped /llms.txt and /llms-full.txt.

What Is llms.txt?

The llmstxt.org convention is simple: put a markdown file at /llms.txt on your site that describes what your service does in a format optimized for LLMs. Think of it like robots.txt, but instead of telling crawlers what not to index, you're telling AI agents what your service is and how to use it.

The format is intentionally minimal. A brief description, key features, links to relevant docs. No HTML to parse, no JavaScript to render, no navigation to click through. Just the information an agent needs, in a format it can consume directly.

Why This Matters for Agent Auth

We think about this through the lens of our own problem space. Imagine an agent that's been asked to "post a summary to Slack every morning." The agent knows it needs Slack API access. It knows it needs an OAuth token. But how does it find an access gateway?

Today, that's a gap. MCP gives agents a protocol for using tools. OAuth gives them a standard for authorization. But there's no standard for discovery — for an agent to find out that a service exists and understand how to integrate with it, without a human pointing the way.

llms.txt is a small step toward closing that gap. It's not a full discovery protocol — it's a convention. But conventions are how standards start.

What's in Our /llms.txt

Our /llms.txt gives agents the quick version:

  • What TapAuth is (an access gateway for AI agents)
  • The core problem we solve (agents need scoped, revocable, audited access to third-party APIs)
  • Key concepts (grants, token brokering, per-agent scoping)
  • Links to our API docs and integration guides

Our /llms-full.txt goes deeper — full API reference, authentication flows, error handling, and integration patterns. It's everything an agent (or an agent-building agent) would need to integrate with TapAuth from scratch.

The Bigger Picture

We're building TapAuth as the auth layer for AI agents. That means we need to be where agents are — not just as an API they call, but as a service they can discover and understand autonomously.

llms.txt is one piece of that. We've also added structured sitemaps, JSON-LD markup, and clean metadata across the site. The goal is the same everywhere: make TapAuth legible to machines, not just humans.

If you're building a service that AI agents might use, consider adding your own /llms.txt. The spec is simple, the effort is minimal, and you're helping build the discovery layer that the agent ecosystem is going to need.

Try It

Point your agent at https://tapauth.ai/llms.txt and see what it makes of us. Or read the full version if you want the complete picture.