Agent Ledger API
EU AI Act compliance-as-a-service. Register your AI agents, classify risk automatically, and maintain an immutable audit trail of decisions — all in a few API calls.
All requests and responses use JSON. Set
Content-Type: application/json on all POST requests. The API is served over HTTPS only.What you can do
- Register agents — submit your AI agent's profile and receive an instant EU AI Act risk classification (unacceptable / high / limited / minimal) with relevant articles
- Log decisions — create tamper-evident audit records (SHA-256 hashed) of every automated decision your agent makes
- Run risk scans — interactive questionnaire-based scan to pre-check any AI system before deployment, no account required
- Manage API keys — create and revoke keys per project or environment
Try It Live (Sandbox)
Explore the API without creating an account. Use our demo agent and pre-authenticated sandbox key.
Sandbox API Key:
Demo Agent ID:
All data is read-only and refreshed every 24 hours.
al_sandbox_ed036aa88c32f53209cdc956b221f4cfDemo Agent ID:
agt_demo_sandbox_001All data is read-only and refreshed every 24 hours.
Pre-authenticated Swagger UI
Use the Swagger UI with sandbox credentials pre-filled:
Example Request to Sandbox Agent
curl -X GET https://agentledgerhq.com/api/v1/agents/agt_demo_sandbox_001 \
-H "Authorization: Bearer al_sandbox_ed036aa88c32f53209cdc956b221f4cf" \
-H "Content-Type: application/json"const res = await fetch('https://agentledgerhq.com/api/v1/agents/agt_demo_sandbox_001', {
headers: {
'Authorization': 'Bearer al_sandbox_ed036aa88c32f53209cdc956b221f4cf',
'Content-Type': 'application/json'
}
})
const agent = await res.json()
console.log(agent)Ready to build?
Create your own API key and agents:
Quick Start
From zero to your first compliant agent in under 2 minutes.
-
1Create an account and get your API key
curl -X POST https://agentledgerhq.com/api/v1/register \ -H "Content-Type: application/json" \ -d '{"name": "Ada Lovelace", "email": "ada@example.com"}'const res = await fetch('https://agentledgerhq.com/api/v1/register', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ name: 'Ada Lovelace', email: 'ada@example.com' }) }) const data = await res.json() // data.api_key = "al_live_xxx..." — store this securely!Your API key is shown only once. Store it in a secrets manager or environment variable immediately. It will also be sent to your email. -
2Register your first AI agent
curl -X POST https://agentledgerhq.com/api/v1/agents \ -H "Authorization: Bearer al_live_YOUR_KEY" \ -H "Content-Type: application/json" \ -d '{ "name": "Hiring Screening Bot", "description": "Screens job applications and shortlists candidates", "type": "decision", "autonomy_level": "semi-autonomous", "decision_types": ["application_screening", "candidate_ranking"], "data_processed": ["cv", "employment_history"], "human_oversight": true, "deployment_environment": "production" }'const res = await fetch('https://agentledgerhq.com/api/v1/agents', { method: 'POST', headers: { 'Authorization': 'Bearer al_live_YOUR_KEY', 'Content-Type': 'application/json' }, body: JSON.stringify({ name: 'Hiring Screening Bot', description: 'Screens job applications and shortlists candidates', type: 'decision', autonomy_level: 'semi-autonomous', decision_types: ['application_screening', 'candidate_ranking'], data_processed: ['cv', 'employment_history'], human_oversight: true, deployment_environment: 'production' }) }) const agent = await res.json() // agent.risk_class = "high", agent.eu_ai_act_articles = [...] console.log(`Agent ${agent.id} classified as: ${agent.risk_class}`) -
3Log a decision for your agent
curl -X POST https://agentledgerhq.com/api/v1/decisions \ -H "Authorization: Bearer al_live_YOUR_KEY" \ -H "Content-Type: application/json" \ -d '{ "agent_id": "agent_xxx", "decision_type": "application_screening", "input_summary": "CV for John Doe, 5 years experience", "output_summary": "Shortlisted — meets minimum criteria", "confidence": 0.82, "human_reviewed": true }'const res = await fetch('https://agentledgerhq.com/api/v1/decisions', { method: 'POST', headers: { 'Authorization': 'Bearer al_live_YOUR_KEY', 'Content-Type': 'application/json' }, body: JSON.stringify({ agent_id: 'agent_xxx', decision_type: 'application_screening', input_summary: 'CV for John Doe, 5 years experience', output_summary: 'Shortlisted — meets minimum criteria', confidence: 0.82, human_reviewed: true }) }) const decision = await res.json() // decision.audit_hash = "sha256:abc..." — immutable proof of this decision
That's it — your agent is now registered, risk-classified, and you have an immutable audit trail. The EU AI Act requires this for high-risk systems operating in the EU.
Try the API
Copy-paste these examples into your terminal to test the API. Replace al_live_YOUR_KEY with your actual API key.
Get Your API Key
curl -X POST https://agentledgerhq.com/api/v1/register \
-H "Content-Type: application/json" \
-d '{
"name": "Test Account",
"email": "test@example.com"
}'
# Response includes:
# "api_key": "al_live_XXXX..."Check API Health
curl https://agentledgerhq.com/api/health
# Response: { "status": "ok", "service": "agentledger-api", "version": "1.0.0" }Run a Risk Scan (No Auth Required)
curl -X POST https://agentledgerhq.com/api/v1/scans \
-H "Content-Type: application/json" \
-d '{
"q1_purpose": "hiring_decisions",
"q2_human_impact": "high",
"q3_autonomy": "semi_autonomous",
"q4_data_types": ["cv_data", "employment_history"],
"q5_human_oversight": true,
"q6_affected_persons": "job_applicants",
"q7_eu_operated": true,
"q8_reversible": true,
"q9_sector": "HR"
}'
# Response includes:
# "risk_class": "high"
# "risk_score": 72
# "applicable_articles": [...]Register an Agent
curl -X POST https://agentledgerhq.com/api/v1/agents \
-H "Authorization: Bearer al_live_YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "Credit Scoring Engine",
"description": "Evaluates creditworthiness based on financial history",
"type": "decision",
"autonomy_level": "semi-autonomous"
}'
# Response includes: "id", "risk_class", "risk_score", "eu_ai_act_articles"List Your Agents
curl -H "Authorization: Bearer al_live_YOUR_KEY" \
https://agentledgerhq.com/api/v1/agents
# Response: { "data": [...agents...], "total": 5 }Log a Decision
curl -X POST https://agentledgerhq.com/api/v1/decisions \
-H "Authorization: Bearer al_live_YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{
"agent_id": "ag_XXXX",
"decision_type": "credit_decision",
"input_summary": "Applicant: Jane Doe, income €50k/year, credit score 750",
"output_summary": "Approved for €20,000 loan",
"confidence": 0.85,
"human_reviewed": true
}'
# Response includes: "id", "decision_risk_score", "audit_hash"Export Decision Ledger
curl -H "Authorization: Bearer al_live_YOUR_KEY" \
"https://agentledgerhq.com/api/v1/decisions/export?format=csv&agent_id=ag_XXXX"
# Returns CSV file for audit complianceFor interactive API exploration, use the OpenAPI spec or try the Swagger UI.
Authentication
Agent Ledger uses API key authentication via the HTTP Authorization header.
Bearer Token
Pass your API key in the Authorization header using the Bearer scheme:
Authorization: Bearer al_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxKey Format
All API keys follow the pattern al_live_ followed by a 32-character hex string. Keys are prefixed to distinguish live keys from test keys in future.
Key Security
- Keys are shown only once at creation. Store them in a secrets manager (e.g. AWS Secrets Manager, HashiCorp Vault, or environment variables).
- Never commit keys to version control.
- Rotate keys by creating a new key and revoking the old one.
- Each account can have multiple keys — use one per environment or service.
Endpoints that require authentication
| Endpoint | Auth Required |
|---|---|
GET /api/health | None |
GET /api/v1 | None |
POST /api/v1/register | None |
POST /api/v1/scans | Optional |
GET /api/v1/agents | Required |
POST /api/v1/agents | Required |
GET /api/v1/agents/:id | Required |
DELETE /api/v1/agents/:id | Required |
GET /api/v1/decisions | Required |
POST /api/v1/decisions | Required |
GET /api/v1/keys | Required |
POST /api/v1/keys | Required |
DELETE /api/v1/keys/:id | Required |
Rate Limits
Rate limits protect the API from abuse and ensure fair usage across all accounts.
| Plan | Requests / min | Agents | Decisions / month | Scans / month |
|---|---|---|---|---|
| Free | 60 | 5 | 1,000 | 50 |
| Pro | Contact us | Contact us | Contact us | Contact us |
| Enterprise | Custom | Unlimited | Unlimited | Unlimited |
Need higher limits? View our pricing page or email us at hello@agentledgerhq.com to discuss your needs.
When you exceed a rate limit, the API responds with HTTP 429 Too Many Requests. Check the Retry-After response header for the number of seconds to wait before retrying.
Errors
Agent Ledger uses conventional HTTP status codes. Error responses include a machine-readable error code and a human-readable message.
Error Response Format
{
"error": "validation_error",
"message": "name is required and must be a string (max 100 characters)"
}HTTP Status Codes
| Code | Error | Description |
|---|---|---|
200 |
— | Request succeeded |
201 |
— | Resource created successfully |
204 |
— | Success with no response body (DELETE operations) |
400 |
validation_error |
Request body failed validation — check field constraints |
400 |
invalid_json |
Request body is not valid JSON |
401 |
unauthorized |
Missing, invalid, or revoked API key |
404 |
not_found |
Resource not found or does not belong to your account |
409 |
conflict |
Resource already exists — typically email already registered |
429 |
rate_limited |
Too many requests — respect the Retry-After header |
503 |
service_unavailable |
Database temporarily unavailable — retry with exponential backoff |
EU AI Act Classification
The EU AI Act establishes a risk-based framework for AI systems operating in the European Union. Agent Ledger automatically classifies your agents into one of four tiers.
🚫 Prohibited
AI systems that pose an unacceptable risk are banned outright under Article 5.
- Social scoring by public authorities
- Real-time biometric surveillance in public spaces
- Emotion recognition in workplaces/education
- Subliminal manipulation of behaviour
- Exploitation of vulnerabilities
🔴 High Risk
Significant oversight obligations under Annex III. Conformity assessment required before deployment.
- HR, hiring, employment decisions
- Education and vocational training
- Credit scoring, insurance
- Law enforcement, border control
- Healthcare and medical devices
- Critical infrastructure
🟡 Limited Risk
Transparency obligations apply — users must know they are interacting with AI.
- Chatbots and conversational AI
- Deepfakes and synthetic content
- General-purpose AI with some interaction
🟢 Minimal Risk
No specific EU AI Act requirements. Compliance with general EU law still applies.
- AI-powered spam filters
- Recommendation systems (non-critical)
- Inventory management AI
Applicable Articles
When you register an agent, Agent Ledger returns a list of applicable EU AI Act articles based on your agent's profile. Common articles include:
| Article / Annex | Description |
|---|---|
Article 5 | Prohibited AI Practices |
Article 9 | Risk Management System — continuous monitoring throughout lifecycle |
Article 10 | Data and Data Governance — training data quality requirements |
Article 11 | Technical Documentation — must be maintained and available to authorities |
Article 12 | Record-Keeping — automatic logging of operations (audit trail) |
Article 13 | Transparency — clear information to deployers and users |
Article 14 | Human Oversight — meaningful human review of decisions |
Article 15 | Accuracy, Robustness and Cybersecurity |
Annex III | High-Risk AI System categories |
Not sure about your risk level? Use the Risk Scan endpoint — it runs a full 10-question assessment and returns an action plan. No account required.
Risk Score Calculation
Agent Ledger calculates two types of risk scores: agent-level risk and decision-level risk. Both drive compliance recommendations.
Agent-Level Risk Score (0–99)
The agent risk score is calculated when you register a new agent. It assesses the inherent risk of your AI system across multiple dimensions:
Scoring Factors
- Human Impact: High impact (+25 pts), Medium impact (+10 pts)
- Autonomy: Fully autonomous (+20 pts), Semi-autonomous (+10 pts)
- Data Sensitivity: Each sensitive type (biometric, health, financial, criminal, political, religious, ethnic) adds +8 pts (max 24)
- Human Oversight: Missing oversight (+15 pts)
- High-Risk Persons: Job applicants, employees, students, patients, etc. (+20 pts)
- High-Risk Sector: HR, hiring, education, credit, insurance, law enforcement, healthcare, etc. (+20 pts)
- Non-Reversible Decisions: Decisions that cannot be reversed (+10 pts)
Risk Class Mapping
| Score Range | Risk Class | Regulatory Impact |
|---|---|---|
0–34 | Minimal | No specific EU AI Act requirements beyond general EU law. |
35–69 | Limited | Transparency obligations (Article 52) — users must know they're interacting with AI. |
70–99 | High Risk | Annex III requirements: conformity assessment, documentation, human oversight, quality management. |
100 | Unacceptable | Article 5 — Prohibited AI Practice. Deployment must stop immediately. |
Decision-Level Risk Score (0.0–1.0)
When you log decisions, each decision gets its own risk score independent of the agent's overall risk. This captures the actual risk of specific outputs in context:
score = base_score + confidence_penalty + review_penalty
- base_score: Derived from agent risk class (minimal: 0.1, limited: 0.4, high: 0.7, unacceptable: 1.0)
- confidence_penalty: +0.2 if model confidence < 70%
- review_penalty: +0.1 if decision was not human-reviewed
Example Decision Risk
| Agent Risk Class | Confidence | Human Reviewed | Final Risk Score |
|---|---|---|---|
| High | 95% | Yes | 0.70 |
| High | 60% | No | 1.00 |
| Limited | 90% | Yes | 0.40 |
| Minimal | 85% | Yes | 0.10 |
How This Impacts Your Compliance
- Agent risk > 70: Register your AI system in the EU AI Act database before deployment.
- Decision risk > 0.7: Flag for mandatory human review before implementation.
- Low confidence + no review: Treat as high-risk and document in your audit trail.
- Article 5 flagged: Stop deployment immediately — seek legal counsel.
Risk scores are recalculated automatically if you update an agent's profile. Decisions in the ledger are immutable — they reflect the risk assessment at the time the decision was logged.
Health Check
Verify that the API is operational.
GET
/api/health
No auth
Returns service status, version, and server timestamp. Suitable for uptime monitors and health checks.
curl https://agentledgerhq.com/api/healthconst res = await fetch('https://agentledgerhq.com/api/health')
const data = await res.json()Response 200
{
"status": "ok",
"service": "agentledger-api",
"version": "1.0.0",
"timestamp": "2025-01-01T12:00:00.000Z"
}API Info
Returns API version info and available endpoint groups.
GET
/api/v1
No auth
Returns the API index with version, available endpoints, and documentation links.
curl https://agentledgerhq.com/api/v1const res = await fetch('https://agentledgerhq.com/api/v1')
const info = await res.json()Register Account
Create a new Agent Ledger account and receive your first API key.
POST
/api/v1/register
No auth
Creates a new account and returns an API key. The key is also emailed to the provided address. One account per email address.
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
name |
string | required | Your name or organisation name. Max 100 characters. |
email |
string | required | Valid email address. Used for key delivery and account recovery. |
curl -X POST https://agentledgerhq.com/api/v1/register \
-H "Content-Type: application/json" \
-d '{
"name": "Ada Lovelace",
"email": "ada@example.com"
}'const res = await fetch('https://agentledgerhq.com/api/v1/register', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
name: 'Ada Lovelace',
email: 'ada@example.com'
})
})
const data = await res.json() // 201 CreatedResponse 201
{
"account_id": "acc_a1b2c3d4e5f6",
"name": "Ada Lovelace",
"email": "ada@example.com",
"plan": "free",
"api_key": "al_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"key_prefix": "al_live_xxxxxxxx...",
"created_at": "2025-01-01T12:00:00.000Z",
"message": "Account created. Your API key has been sent to your email address. Store it securely — it will not be shown again."
}The
api_key field is returned only in this response. It is hashed in the database and cannot be recovered. Save it now.Error Cases
| Status | Error | Cause |
|---|---|---|
| 400 | validation_error | Missing name or invalid email format |
| 409 | conflict | Email address already registered |
Risk Scan
Run a full EU AI Act risk assessment questionnaire. No account required — results are returned immediately.
POST
/api/v1/scans
Auth optional
Performs a 10-question EU AI Act risk assessment and returns classification, applicable articles, and a prioritised action plan. Authenticated requests may have scan results saved to your account.
Request Body
| Field | Type | Description |
|---|---|---|
answers.q1_purpose | string | AI system's primary purpose (e.g. decision, hiring, social_scoring) |
answers.q2_human_impact | enum | high | medium | low |
answers.q3_autonomy | string | fully_autonomous | semi_autonomous | human_in_loop |
answers.q4_data_types | string[] | Sensitive data types: biometric, health, financial, criminal, political, religious, ethnic |
answers.q5_human_oversight | boolean | Whether meaningful human oversight exists |
answers.q6_affected_persons | string | Who is affected: job_applicants, employees, patients, students, citizens_benefits |
answers.q7_eu_operated | boolean | Whether the system operates in the EU |
answers.q8_reversible | boolean | Whether decisions can be reversed or appealed |
answers.q9_sector | string | Deployment sector: hr, healthcare, education, credit, law_enforcement, etc. |
answers.q10_existing_registration | boolean | Whether already registered in an EU AI database |
The following
q1_purpose values will result in Prohibited (Unacceptable) classification: social_scoring, emotion_recognition_workplace, real_time_biometric_public, subliminal_manipulation, exploitation_vulnerabilitiescurl -X POST https://agentledgerhq.com/api/v1/scans \
-H "Content-Type: application/json" \
-d '{
"answers": {
"q1_purpose": "hiring",
"q2_human_impact": "high",
"q3_autonomy": "semi_autonomous",
"q4_data_types": ["financial"],
"q5_human_oversight": true,
"q6_affected_persons": "job_applicants",
"q7_eu_operated": true,
"q8_reversible": true,
"q9_sector": "hr",
"q10_existing_registration": false
}
}'const res = await fetch('https://agentledgerhq.com/api/v1/scans', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
answers: {
q1_purpose: 'hiring',
q2_human_impact: 'high',
q3_autonomy: 'semi_autonomous',
q4_data_types: ['financial'],
q5_human_oversight: true,
q6_affected_persons: 'job_applicants',
q7_eu_operated: true,
q8_reversible: true,
q9_sector: 'hr',
q10_existing_registration: false
}
})
})
const scan = await res.json()Response 200
{
"scan_id": "scan_a1b2c3d4e5f6",
"risk_class": "high",
"risk_score": 74,
"eu_ai_act_classification": "Annex III — High-Risk AI System",
"applicable_articles": [
"Article 9 — Risk Management System",
"Article 10 — Data and Data Governance",
"Article 12 — Record-Keeping",
"Article 14 — Human Oversight",
"Annex III — High-Risk AI System"
],
"action_plan": [
{
"priority": 1,
"action": "Implement a risk management system covering the full AI lifecycle",
"deadline": "Before deployment",
"article": "Article 9"
},
{
"priority": 2,
"action": "Document training data sources, selection criteria, and quality measures",
"deadline": "Before deployment",
"article": "Article 10"
},
{
"priority": 3,
"action": "Set up automated logging of all system decisions",
"deadline": "Before deployment",
"article": "Article 12"
}
],
"report_available": false,
"report_url": null,
"upgrade_url": "https://agentledgerhq.com/#pricing",
"scanned_at": "2025-01-01T12:00:00.000Z"
}List Agents
Retrieve all AI agents registered under your account.
GET
/api/v1/agents
Auth required
Returns all agents associated with your account, including their risk classification and compliance status.
curl https://agentledgerhq.com/api/v1/agents \
-H "Authorization: Bearer al_live_YOUR_KEY"const res = await fetch('https://agentledgerhq.com/api/v1/agents', {
headers: { 'Authorization': 'Bearer al_live_YOUR_KEY' }
})
const { agents } = await res.json()Response 200
{
"agents": [
{
"id": "agent_a1b2c3d4e5f6",
"name": "Hiring Screening Bot",
"type": "decision",
"risk_class": "high",
"risk_score": 78,
"compliance_status": "compliant",
"deployment_environment": "production",
"created_at": "2025-01-01T12:00:00.000Z"
}
]
}Get Agent
Retrieve a single agent by ID, including full profile and applicable EU AI Act articles.
GET
/api/v1/agents/:id
Auth required
Returns complete agent details including risk classification, all applicable articles, and compliance status.
curl https://agentledgerhq.com/api/v1/agents/agent_a1b2c3d4e5f6 \
-H "Authorization: Bearer al_live_YOUR_KEY"const res = await fetch('https://agentledgerhq.com/api/v1/agents/agent_a1b2c3d4e5f6', {
headers: { 'Authorization': 'Bearer al_live_YOUR_KEY' }
})
const agent = await res.json()Response 200
{
"id": "agent_a1b2c3d4e5f6",
"name": "Hiring Screening Bot",
"description": "Screens job applications and shortlists candidates",
"type": "decision",
"autonomy_level": "semi-autonomous",
"risk_class": "high",
"risk_score": 78,
"eu_ai_act_articles": [
"Article 9 — Risk Management System",
"Article 10 — Data and Data Governance",
"Article 12 — Record-Keeping",
"Article 14 — Human Oversight",
"Annex III — High-Risk AI System"
],
"compliance_status": "compliant",
"deployment_environment": "production",
"human_oversight": true,
"created_at": "2025-01-01T12:00:00.000Z"
}Register Agent
Register a new AI agent and receive an instant EU AI Act risk classification.
POST
/api/v1/agents
Auth required
Registers an AI agent and runs automatic risk classification. Returns the agent ID, risk class, risk score, and applicable EU AI Act articles.
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
name | string | required | Agent name. Max 100 characters. |
description | string | required | What this agent does. Max 500 characters. |
type | enum | required | conversational | decision | automation | classification | generative | other |
autonomy_level | enum | required | human-in-loop | semi-autonomous | fully-autonomous |
decision_types | string[] | required | Types of decisions this agent makes (e.g. ["loan_approval", "fraud_detection"]) |
data_processed | string[] | required | Types of data processed (e.g. ["financial", "identity"]) |
human_oversight | boolean | required | Whether meaningful human oversight exists for agent decisions |
deployment_environment | enum | optional | development | staging | production. Default: production |
metadata | object | optional | Arbitrary key/value pairs for your own use |
curl -X POST https://agentledgerhq.com/api/v1/agents \
-H "Authorization: Bearer al_live_YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "Loan Approval Engine",
"description": "Automated credit scoring and loan approval for retail customers",
"type": "decision",
"autonomy_level": "semi-autonomous",
"decision_types": ["credit_scoring", "loan_approval"],
"data_processed": ["financial", "credit_history", "employment"],
"human_oversight": true,
"deployment_environment": "production",
"metadata": {
"model_version": "2.1.0",
"team": "credit-risk"
}
}'const res = await fetch('https://agentledgerhq.com/api/v1/agents', {
method: 'POST',
headers: {
'Authorization': 'Bearer al_live_YOUR_KEY',
'Content-Type': 'application/json'
},
body: JSON.stringify({
name: 'Loan Approval Engine',
description: 'Automated credit scoring and loan approval for retail customers',
type: 'decision',
autonomy_level: 'semi-autonomous',
decision_types: ['credit_scoring', 'loan_approval'],
data_processed: ['financial', 'credit_history', 'employment'],
human_oversight: true,
deployment_environment: 'production',
metadata: { model_version: '2.1.0', team: 'credit-risk' }
})
})
const agent = await res.json() // 201 CreatedResponse 201
{
"id": "agent_a1b2c3d4e5f6",
"name": "Loan Approval Engine",
"risk_class": "high",
"risk_score": 82,
"eu_ai_act_articles": [
"Article 9 — Risk Management System",
"Article 10 — Data and Data Governance",
"Article 12 — Record-Keeping",
"Article 14 — Human Oversight",
"Annex III — High-Risk AI System"
],
"status": "registered",
"compliance_status": "compliant",
"created_at": "2025-01-01T12:00:00.000Z"
}Delete Agent
Permanently remove an agent and its classification data from your account.
DELETE
/api/v1/agents/:id
Auth required
Deletes the agent record. Note: historical decision logs associated with this agent are retained for audit purposes.
curl -X DELETE https://agentledgerhq.com/api/v1/agents/agent_a1b2c3d4e5f6 \
-H "Authorization: Bearer al_live_YOUR_KEY"const res = await fetch('https://agentledgerhq.com/api/v1/agents/agent_a1b2c3d4e5f6', {
method: 'DELETE',
headers: { 'Authorization': 'Bearer al_live_YOUR_KEY' }
})
// 204 No Content on successResponse 204
No response body.
List Decisions
Retrieve the audit log of decisions made by your agents.
GET
/api/v1/decisions
Auth required
Returns a paginated list of decision audit records. Filter by agent to retrieve decisions for a specific agent.
Query Parameters
| Parameter | Type | Default | Description |
|---|---|---|---|
agent_id | string | — | Filter by agent ID |
limit | integer | 50 | Number of results to return (max 100) |
offset | integer | 0 | Pagination offset |
curl "https://agentledgerhq.com/api/v1/decisions?agent_id=agent_xxx&limit=20&offset=0" \
-H "Authorization: Bearer al_live_YOUR_KEY"const params = new URLSearchParams({
agent_id: 'agent_xxx',
limit: '20',
offset: '0'
})
const res = await fetch(`https://agentledgerhq.com/api/v1/decisions?${params}`, {
headers: { 'Authorization': 'Bearer al_live_YOUR_KEY' }
})
const { decisions, total } = await res.json()Response 200
{
"decisions": [
{
"id": "dec_a1b2c3d4e5f6",
"agent_id": "agent_xxx",
"decision_type": "loan_approval",
"input_summary": "Applicant: John Doe, credit score 720, income €45k",
"output_summary": "Approved — €15,000 at 4.2% APR",
"confidence": 0.91,
"human_reviewed": true,
"audit_hash": "sha256:4a7b3c9d2e1f8a...",
"logged_at": "2025-01-01T12:00:00.000Z"
}
],
"total": 1,
"limit": 20,
"offset": 0
}Log Decision
Record an agent decision in the immutable audit trail with a SHA-256 audit hash.
POST
/api/v1/decisions
Auth required
Creates a tamper-evident audit record for a decision. A SHA-256 hash is computed over the decision content. For high-risk agents, a warning is triggered when confidence > 0.9 and
human_reviewed is false.Request Body
| Field | Type | Required | Description |
|---|---|---|---|
agent_id | string | required | ID of the agent making the decision |
decision_type | string | required | Type of decision. Max 100 characters. |
input_summary | string | required | Summary of inputs to the decision. Max 1000 characters. Do not include PII directly. |
output_summary | string | required | Summary of the decision outcome. Max 1000 characters. |
confidence | float | required | Model confidence score, 0.0–1.0 |
human_reviewed | boolean | required | Whether a human reviewed this decision before it was acted on |
context | object | optional | Additional context (e.g. model version, session ID). Not included in audit hash. |
Risk flag: For high-risk agents, if
confidence > 0.9 and human_reviewed: false, the response will include a warning field indicating the decision should be reviewed. This does not prevent logging.curl -X POST https://agentledgerhq.com/api/v1/decisions \
-H "Authorization: Bearer al_live_YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{
"agent_id": "agent_a1b2c3d4e5f6",
"decision_type": "loan_approval",
"input_summary": "Applicant credit profile hash: sha256:abc123...",
"output_summary": "Decision: Approved. Loan amount: EUR 15000. Rate: 4.2%",
"confidence": 0.87,
"human_reviewed": true,
"context": {
"model_version": "2.1.0",
"session_id": "ses_xyz"
}
}'const res = await fetch('https://agentledgerhq.com/api/v1/decisions', {
method: 'POST',
headers: {
'Authorization': 'Bearer al_live_YOUR_KEY',
'Content-Type': 'application/json'
},
body: JSON.stringify({
agent_id: 'agent_a1b2c3d4e5f6',
decision_type: 'loan_approval',
input_summary: 'Applicant credit profile hash: sha256:abc123...',
output_summary: 'Decision: Approved. Loan amount: EUR 15000. Rate: 4.2%',
confidence: 0.87,
human_reviewed: true,
context: { model_version: '2.1.0', session_id: 'ses_xyz' }
})
})
const decision = await res.json() // 201 CreatedResponse 201
{
"id": "dec_a1b2c3d4e5f6",
"agent_id": "agent_a1b2c3d4e5f6",
"logged_at": "2025-01-01T12:00:00.000Z",
"audit_hash": "sha256:4a7b3c9d2e1f8a6b5c4d3e2f1a0b9c8d7e6f5a4b3c2d1e0f..."
}Response 201 (with risk warning)
{
"id": "dec_a1b2c3d4e5f6",
"agent_id": "agent_a1b2c3d4e5f6",
"logged_at": "2025-01-01T12:00:00.000Z",
"audit_hash": "sha256:4a7b3c9d2e1f8a6b5c4d3e2f1a0b9c8d7e6f5a4b3c2d1e0f...",
"warning": "High-risk agent decision with confidence > 0.9 and no human review. Consider mandatory human review before acting on this decision."
}List API Keys
View all API keys associated with your account.
GET
/api/v1/keys
Auth required
Returns all API keys for your account. Key values are not returned — only prefixes and metadata.
curl https://agentledgerhq.com/api/v1/keys \
-H "Authorization: Bearer al_live_YOUR_KEY"const res = await fetch('https://agentledgerhq.com/api/v1/keys', {
headers: { 'Authorization': 'Bearer al_live_YOUR_KEY' }
})
const { keys } = await res.json()Response 200
{
"keys": [
{
"id": "key_a1b2c3d4e5f6",
"prefix": "al_live_xxxxxxxx...",
"name": "Production",
"created_at": "2025-01-01T12:00:00.000Z",
"revoked_at": null
}
]
}Create API Key
Generate a new API key for your account.
POST
/api/v1/keys
Auth required
Creates a new API key. The key value is returned only in this response — store it immediately.
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
name | string | optional | Label for this key (e.g. Production, CI Pipeline) |
curl -X POST https://agentledgerhq.com/api/v1/keys \
-H "Authorization: Bearer al_live_YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{"name": "Staging Environment"}'const res = await fetch('https://agentledgerhq.com/api/v1/keys', {
method: 'POST',
headers: {
'Authorization': 'Bearer al_live_YOUR_KEY',
'Content-Type': 'application/json'
},
body: JSON.stringify({ name: 'Staging Environment' })
})
const { key } = await res.json() // key.api_key shown only onceResponse 201
{
"id": "key_a1b2c3d4e5f6",
"api_key": "al_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"prefix": "al_live_xxxxxxxx...",
"name": "Staging Environment",
"created_at": "2025-01-01T12:00:00.000Z",
"warning": "Store this key securely. It will not be shown again."
}Revoke API Key
Permanently revoke an API key. This action cannot be undone.
DELETE
/api/v1/keys/:id
Auth required
Revokes the specified API key immediately. Any requests using this key will receive a 401 Unauthorized response.
Revoking a key is immediate and irreversible. Make sure any services using this key are updated before revoking.
curl -X DELETE https://agentledgerhq.com/api/v1/keys/key_a1b2c3d4e5f6 \
-H "Authorization: Bearer al_live_YOUR_KEY"const res = await fetch('https://agentledgerhq.com/api/v1/keys/key_a1b2c3d4e5f6', {
method: 'DELETE',
headers: { 'Authorization': 'Bearer al_live_YOUR_KEY' }
})
// 200 OK with {"message": "API key revoked successfully"}Response 200
{
"message": "API key revoked successfully"
}MCP Server
Agent Ledger exposes a native Model Context Protocol (MCP) server — the open standard for AI-to-tool communication. Any MCP-compatible AI agent can register itself, run EU AI Act scans, and log decisions autonomously — without writing a single REST call.
What this means
Your AI agent connects to Agent Ledger MCP, calls register_agent, then run_risk_scan — and gets back a full EU AI Act risk classification with action items. It can then call log_decision after every significant action to build a complete audit trail. All without human intervention.
Endpoint
POST /api/mcp
Protocol
JSON-RPC 2.0 / MCP 2024-11-05
Transport
Streamable HTTP (2025-03-26 spec)
Supported clients
Claude Desktop
OpenClaw
Cursor
VS Code Copilot
Any MCP client
Setup & Authentication
The MCP server reuses your existing Agent Ledger API key. No separate credentials needed.
POST
/api/mcp
MCP JSON-RPC endpoint
initialize and tools/list require no authentication. tools/call requires your API key.
Required header for tools/call
Authorization: Bearer al_live_your_api_key_hereTest the connection
curl — initialize handshake
curl -X POST https://agentledgerhq.com/api/mcp \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{}}'Response
{
"jsonrpc": "2.0",
"id": 1,
"result": {
"protocolVersion": "2024-11-05",
"capabilities": { "tools": {} },
"serverInfo": { "name": "Agent Ledger MCP", "version": "1.0.0" }
}
}Available Tools
8 tools available. Retrieve the full list with tools/list.
| Tool | Description | Auth |
|---|---|---|
register_agent | Register a new AI agent. Returns agent_id. | Required |
run_risk_scan | Run EU AI Act classification. Returns risk class + action items. | Required |
log_decision | Log a decision to the immutable audit trail. | Required |
get_agent | Get agent details and compliance status. | Required |
list_agents | List all agents on the account. | Required |
get_compliance_status | Current risk class, score, and required action items. | Required |
get_badge_url | Get the compliance badge URL + Markdown snippet. | Required |
get_compliance_report_url | Get the URL of the downloadable PDF report. | Required |
Example: call a tool
tools/call — run_risk_scan
curl -X POST https://agentledgerhq.com/api/mcp \
-H "Content-Type: application/json" \
-H "Authorization: Bearer al_live_your_key" \
-d '{
"jsonrpc": "2.0",
"id": 3,
"method": "tools/call",
"params": {
"name": "run_risk_scan",
"arguments": {
"agent_id": "agent_abc123",
"answers": {
"q1_purpose": "credit_scoring",
"q2_human_impact": "high",
"q3_autonomy": "fully_autonomous",
"q4_data_types": ["financial", "biometric"],
"q5_human_oversight": false,
"q6_affected_persons": ["loan_applicants"],
"q7_sector": "finance"
}
}
}
}'Client Configuration
Add Agent Ledger to your MCP client in seconds. Replace al_live_your_key with your actual API key.
Claude Desktop (~/Library/Application Support/Claude/claude_desktop_config.json)
claude_desktop_config.json
{
"mcpServers": {
"agentledger": {
"url": "https://agentledgerhq.com/api/mcp",
"headers": {
"Authorization": "Bearer al_live_your_key"
}
}
}
}OpenClaw
openclaw.json — plugins.mcp
{
"plugins": {
"mcp": {
"servers": [
{
"name": "agentledger",
"url": "https://agentledgerhq.com/api/mcp",
"headers": {
"Authorization": "Bearer al_live_your_key"
}
}
]
}
}
}Cursor
.cursor/mcp.json
{
"mcpServers": {
"agentledger": {
"url": "https://agentledgerhq.com/api/mcp",
"headers": {
"Authorization": "Bearer al_live_your_key"
}
}
}
}VS Code Copilot
.vscode/mcp.json
{
"servers": {
"agentledger": {
"type": "http",
"url": "https://agentledgerhq.com/api/mcp",
"headers": {
"Authorization": "Bearer al_live_your_key"
}
}
}
}Full Self-Compliance Example
An AI agent making itself EU AI Act compliant in 4 tool calls — no human required.
Python — autonomous agent compliance flow
import json, httpx
MCP_URL = "https://agentledgerhq.com/api/mcp"
API_KEY = "al_live_your_key"
def mcp(method, params=None, req_id=1):
r = httpx.post(MCP_URL, json={
"jsonrpc": "2.0", "id": req_id,
"method": method, "params": params or {}
}, headers={"Authorization": f"Bearer {API_KEY}"})
return r.json()["result"]
# Step 1: register this agent
reg = mcp("tools/call", {"name": "register_agent", "arguments": {
"name": "CreditScore Bot v2",
"description": "Automated credit scoring for loan applications",
"sector": "finance"
}})
agent_id = json.loads(reg["content"][0]["text"])["agent_id"]
print(f"Registered: {agent_id}")
# Step 2: run EU AI Act risk scan
scan = mcp("tools/call", {"name": "run_risk_scan", "arguments": {
"agent_id": agent_id,
"answers": {
"q1_purpose": "credit_scoring",
"q2_human_impact": "high",
"q3_autonomy": "semi_autonomous",
"q4_data_types": ["financial"],
"q5_human_oversight": True,
"q7_sector": "credit"
}
}})
result = json.loads(scan["content"][0]["text"])
print(f"Risk class: {result['risk_class']} (score: {result['risk_score']})")
# Step 3: log a decision
mcp("tools/call", {"name": "log_decision", "arguments": {
"agent_id": agent_id,
"decision_type": "credit_approval",
"description": "Approved loan application #4821 based on credit score 712",
"outcome": "approved",
"confidence_score": 0.87
}})
# Step 4: get badge URL for README
badge = mcp("tools/call", {"name": "get_badge_url", "arguments": {"agent_id": agent_id}})
badge_data = json.loads(badge["content"][0]["text"])
print(f"Badge: {badge_data['markdown']}")Output:
Registered: agent_f3a9c2...
Risk class: high (score: 65)
Badge: 