Identity infrastructure for AI agents
Give any AI agent a real email inbox, phone number, virtual card, and auth tokens. One API call. Your agent operates on the internet like a human remote worker.
Paste the prompt into Claude Code, Cursor, or any coding agent to set up an identity.
The problem
AI agents that need to interact with online services today rely on hacky workarounds. Shared inboxes parsed with regex. Throwaway phone numbers from sketchy providers. Passwords and API keys stuffed into environment variables. Card details hardcoded in plaintext.
You could wire this up yourself: Twilio for phone numbers, SES or Resend for email, Stripe Issuing for cards, a credential vault, webhook handlers, OTP extraction logic, per-agent isolation. That's months of plumbing before you write a line of agent logic. And it still breaks when Twilio changes their webhook format or your regex misses an OTP pattern.
AliasKit wraps all of that into one API. Create an identity, get back an email, phone, card, and auth token. Delete it when you're done. Your agent gets a proper digital presence and you get back to building the thing that actually matters.
Where this is going
Right now, AI agents borrow their operator's identity to do anything online. That works at small scale, but it won't hold. Agents are becoming first-class internet participants, and the identity layer hasn't caught up.
Three standards camps are forming at the same time. The IETF is drafting agent authentication specs (authors from OpenAI, AWS, Ping Identity). W3C has Decentralized Identifiers and Verifiable Credentials. On-chain, ERC-8004 already has 45,000+ agents registered on Ethereum mainnet since January. The EU's eIDAS 2.0 regulation will require platforms to accept digital identity wallets by November 2027. These aren't hypothetical timelines.
AliasKit already supports JWT/JWKS (IETF-compatible), W3C DID documents, and Verifiable Credentials issued as signed VC-JWTs. For ERC-8004, we support wallet signature verification and off-chain attestation today, with full on-chain registry reads planned as the standard matures and real contract addresses deploy beyond testnet. We built against all three camps because we think the winner will be whoever bridges them, not whoever picks one.
The goal is to become the default identity provider for AI agents. Today that means giving agents emails, phones, and cards so they can operate online. Tomorrow it means "Sign in with AliasKit" becomes how services authenticate agents the same way "Sign in with Google" works for humans. We're building the credential layer that makes that possible.
What it is: The traditional enterprise auth stack. JWTs (JSON Web Tokens) are signed tokens that prove identity. JWKS (JSON Web Key Sets) let any service verify those tokens without calling the issuer. OAuth 2.0 is the protocol that ties it together.
Why it matters: This is what enterprises already use for human auth. The IETF is now drafting specs (WIMSE, SPIFFE) to extend it to non-human identities, with authors from OpenAI, AWS, and Ping Identity. AliasKit issues RS256/ES256 JWTs with a public JWKS endpoint, so any service that already verifies human tokens can verify agent tokens with zero changes.
AliasKit: Agent Identity Tokens (JWTs) with audience + capability scoping, JWKS endpoint for offline verification, max 1-hour TTL.
What it is: DIDs (Decentralized Identifiers) are URIs that resolve to a document describing who you are and how to verify your signatures. Verifiable Credentials (VCs) are signed claims about an entity, like a digital passport that any service can check without calling the issuer.
Why it matters: DIDs let agents have a portable, self-describing identity that isn't locked to one platform. VCs let agents carry proof of reputation, capabilities, or authorization across services. The EU's eIDAS 2.0 regulation (mandatory by November 2027) is built on this stack.
AliasKit: Every agent gets a did:web document served at a resolvable URL. Reputation credentials are issued as signed VC-JWTs (W3C VC Data Model 1.0) containing score, tier, and capabilities.
What it is: ERC-8004 is an Ethereum standard for registering agent identities on-chain. A smart contract maps token IDs to agent metadata, creating a public, tamper-proof registry. 45,000+ agents are registered on Ethereum mainnet since January 2026.
Why it matters: On-chain identity gives agents a trust anchor that no single company controls. Services can check an agent's registration and history without trusting the agent's platform. It's early, but the adoption curve is real.
AliasKit: Wallet signature verification and off-chain attestation today. Agents can link their AliasKit identity to an Ethereum wallet via signed message. Full on-chain registry reads planned as real contract addresses deploy beyond testnet.
How it works
Create an identity
One API call creates a persistent identity with a unique ID and a real @aliaskit.com email address. Optionally provision a phone number and attach a virtual card. The identity persists across sessions.
Use its channels
Your agent sends and receives email, handles SMS verification, extracts OTP codes, and makes payments through the identity. Everything is scoped and isolated. No shared inboxes, no credential leaks between agents.
Manage the lifecycle
Issue short-lived auth tokens for downstream services. Monitor spending via declared budgets. Freeze or delete identities when done. Phone numbers and resources are cleaned up automatically.
What you get
Every identity comes with real infrastructure, not mocks.
Every identity gets a real @aliaskit.com inbox that can send and receive email. The SDK polls for incoming mail and returns the full message so your agent (LLM) can parse verification codes, magic links, or anything else. No regex, no IMAP scraping. Messages are stored and queryable by identity.
const identity = await ak.identities.create()// → { email: "agent-47@aliaskit.com" } const email = await ak.emails.waitForCode(identity.id)// → { subject: "Verify your account", body_text: "Your code is 482910" } const emails = await ak.emails.list(identity.id)Works with your stack
Ship today with the TypeScript SDK or REST API. Framework integrations are landing fast.
npm install aliaskitgithub.com/AliasKit/aliaskit-mcpgithub.com/AliasKit/skillSecurity model
We handle identity infrastructure, so trust matters. Here is how we think about it.
Card details are encrypted with your key before leaving your device. We store ciphertext only. Decryption happens on your machine when you call reveal().
Every identity has its own email address, phone number, and credentials. No shared inboxes, no cross-agent data leakage. Delete an identity and its resources are purged.
Agent Identity Tokens are JWTs with a max TTL of 1 hour, scoped by audience and capabilities. Verifiable offline via JWKS with no callback to AliasKit.
API keys are scoped per organization with granular permission scopes. All API calls are authenticated and rate-limited with sliding windows. Keys can be revoked instantly from the dashboard.
All API traffic is TLS-encrypted. Card encryption uses a separate client-side key that never touches our servers. Phone numbers and emails are provisioned through Twilio and Resend.
Messages, token issuances, and card reveals are logged as reputation events with timestamps. Query an identity's event history via the API. Card reveals get a separate detailed audit log with IP and user agent.
Give your agent an identity
Free to start. No credit card.