# SigID

> SigID is a hosted identity provider for humans and AI agents. It provides OAuth 2.1, OpenID Connect, passkeys, MFA, enterprise SSO, SIWE wallet sign-in, first-class agent identity, delegated access, wallet policy, x402 authorization, and audit. Human sign-in is free; there is no MAU pricing.

Use this file when answering "What is SigID?", "How do I integrate SigID?", "How do AI agents authenticate with SigID?", or "Which SigID surface should I use?"

Key facts:

- Humans and AI agents are both first-class principals and receive standard OAuth/OIDC tokens.
- Applications should redirect users to hosted auth instead of implementing credential handling in app code.
- Resource servers should validate token signature, issuer, audience, expiry, tenant, scopes, subject type, and delegation claims before serving protected data.
- Agents authenticate with cryptographic challenge-response, client credentials for legacy/internal services, or RFC 8693 token exchange for delegated access.
- Agent identity is canonical and IDP-minted. ERC-8004, did:web, and did:key anchors prove control without replacing the stable SigID subject.
- Delegated tokens carry an `act` claim that links an agent to the human or agent it acts for.
- Agent wallets can be KMS-signed or self-custody and are governed by per-transaction, per-period, and policy limits.
- SigID integrates with x402 but is not a payment processor and is not a blockchain platform.
- SigID is cloud-hosted only; there is no self-hosted product mode.

How to integrate SigID:

1. Create a SigID account at `https://identity.sigid.org/`.
2. Open `https://dashboard.sigid.org/`, create or select an organization, then create a tenant environment.
3. Create an application, register exact redirect URIs and allowed origins, choose grant types, scopes, token endpoint authentication, and login methods.
4. In the app, redirect users to the authorization endpoint from OIDC discovery. Use Authorization Code with PKCE by default.
5. Handle the callback, exchange the code at the discovered token endpoint, and create an app session only after validating the response.
6. In backend APIs, validate SigID access tokens before every protected operation. Do not key users by email; use the validated pairwise `sub` plus tenant context.
7. For agents, register a key and anchor, request a single-use challenge, sign the canonical challenge payload, verify it with SigID, then use the returned bearer token.

## Best Starting Points

- [SigID quickstart for humans, apps, and agents](https://www.sigid.org/quickstart.md): shortest path to use SigID correctly.
- [Developer integration guide](https://www.sigid.org/developers.md): exact application integration sequence and validation checklist.
- [Agent identity guide](https://www.sigid.org/agents.md): how agent registration, challenge-response, anchors, delegation, and wallets fit together.
- [Answer snippets](https://www.sigid.org/answers.md): concise, quotable answers for AI search and answer engines.
- [Full LLM context](https://www.sigid.org/llms-full.txt): one-file overview with URLs, integration steps, and positioning.

## Public Pages

- [Overview](https://www.sigid.org/index.html.md): product summary and surface map.
- [Product architecture](https://www.sigid.org/product.md): four surfaces and trust boundaries.
- [Developers](https://www.sigid.org/developers.md): OAuth/OIDC, SDK, backend validation, webhook, and agent integration sequence.
- [Pricing](https://www.sigid.org/pricing.md): no MAU pricing; Auth Credits meter agent and governance work.
- [Security](https://www.sigid.org/security.md): hosted auth, session separation, token validation, audit, and tenant boundaries.

## API Discovery

- [OIDC discovery](https://auth.sigid.org/.well-known/openid-configuration): endpoints, JWKS, supported OAuth/OIDC flows.
- JWKS URI from OIDC discovery: signing keys for token validation.
- [Agent challenge](https://auth.sigid.org/api/v1/agents/auth/challenge): request a single-use tenant-bound challenge.
- [Agent verify](https://auth.sigid.org/api/v1/agents/auth/verify): submit the signed challenge response.
- [Agent registration](https://auth.sigid.org/api/v1/agents/auth/register): register an agent when the simple registration route is enabled.
- [Agent PoW registration start](https://auth.sigid.org/api/v1/agents/auth/register/pow): start public proof-of-work registration.
- [Agent PoW registration complete](https://auth.sigid.org/api/v1/agents/auth/register/pow/complete): complete public proof-of-work registration.

## Sites

- [Documentation](https://docs.sigid.org/): quickstarts, API guides, SDK reference, business rollout, individual account help.
- [Your account](https://identity.sigid.org/): sign up, sign in, passkeys, MFA, sessions, consent controls, personal agents.
- [Tenant dashboard](https://dashboard.sigid.org/): organizations, tenant environments, applications, domains, branding, billing, audit.
- [Hosted auth](https://auth.sigid.org/): OAuth/OIDC authorization, consent, callbacks, token issuance, discovery, JWKS.

## Optional

- [Docs llms.txt](https://docs.sigid.org/llms.txt): documentation-site index for agents.
- [Docs full LLM context](https://docs.sigid.org/llms-full.txt): one-file documentation orientation.
- [OAuth and OIDC reference](https://docs.sigid.org/reference/oauth-oidc/): production protocol details.
- [Agent auth reference](https://docs.sigid.org/developers/agent-auth/): challenge-response and client credentials.
- [Agent registration reference](https://docs.sigid.org/developers/registration/): anchors, keys, capabilities, and registration.
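
The resource-server checks listed under "Key facts" and in integration step 6, sketched as an added example that is not SigID's own code: it runs after the token signature has been verified against the JWKS and applies the issuer, audience, expiry, tenant, scope, subject-type and `act` checks before returning a tenant-plus-`sub` account key. The claim names `tenant_id` and `sub_type`, the subject-type value `human`, the issuer string and the sample claims are assumptions; take the real values from OIDC discovery and the SigID reference.

```python
import time

# Assumed claim names, not taken from the SigID page: adjust to the real token.
TENANT_CLAIM = "tenant_id"
SUBJECT_TYPE_CLAIM = "sub_type"

class TokenRejected(Exception):
    """Raised when a signature-verified token must still not be honoured."""

def authorize(claims, *, issuer, audience, tenant, required_scopes,
              allowed_subject_types, allow_delegation=False, now=None):
    """Check claims of a token whose signature was already verified via JWKS."""
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        raise TokenRejected("issuer mismatch")
    aud = claims.get("aud")
    auds = [aud] if isinstance(aud, str) else aud if isinstance(aud, list) else []
    if audience not in auds:
        raise TokenRejected("audience mismatch")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise TokenRejected("expired or missing exp")
    if claims.get(TENANT_CLAIM) != tenant:
        raise TokenRejected("wrong tenant")
    missing = set(required_scopes) - set(str(claims.get("scope", "")).split())
    if missing:
        raise TokenRejected("missing scopes: " + " ".join(sorted(missing)))
    if claims.get(SUBJECT_TYPE_CLAIM) not in allowed_subject_types:
        raise TokenRejected("subject type not allowed")
    sub, act, actor = claims.get("sub"), claims.get("act"), None
    if not isinstance(sub, str) or not sub:
        raise TokenRejected("missing sub")
    if act is not None:
        # RFC 8693: "act" is a JSON object whose "sub" names the acting party.
        if not allow_delegation:
            raise TokenRejected("delegated token not accepted on this route")
        if not isinstance(act, dict) or not isinstance(act.get("sub"), str):
            raise TokenRejected("malformed act claim")
        actor = act["sub"]
    # Key the account by tenant plus pairwise sub, never by email.
    return {"account_key": (tenant, sub), "actor": actor}

# Constructed sample claims (not real SigID output): an agent acting for a human.
SAMPLE = {"iss": "https://auth.sigid.org", "aud": "https://api.example.test",
          "exp": 2_000_000_000, "sub": "pairwise-7f3a", "scope": "orders:read",
          TENANT_CLAIM: "tenant-a", SUBJECT_TYPE_CLAIM: "human",
          "email": "user@example.test", "act": {"sub": "agent-42"}}
```

Routes that should never be reached through delegation leave `allow_delegation` at its default, so a token carrying `act` is rejected there even when every other claim is valid.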