# auth.md

Agent registration and authentication metadata for grow.contact.

## OAuth metadata

- Protected-resource metadata: https://grow.contact/.well-known/oauth-protected-resource
- Authorization-server metadata: https://grow.contact/.well-known/oauth-authorization-server
- Token endpoint: https://grow.contact/api/public/oauth/token
- JWKS: https://grow.contact/.well-known/jwks.json

## Agent registration

grow.contact supports anonymous agent registration by human request. Request an
API key for the public REST API or an MCP access token via https://grow.contact/contact.

- Identity type: anonymous
- Credential types: api_key, access_token
- Claim URI: https://grow.contact/contact
- Register URI: https://grow.contact/contact

## For agents

- Public REST API keys use the `x-api-key` request header.
- MCP access tokens use `Authorization: Bearer <token>`.
- Public, unauthenticated surfaces (no token required):
  - `GET /`, `GET /llms.txt`, `GET /sitemap.xml`
  - `GET /api/public/v1/openapi.json`
  - `GET /api/public/v1/readiness`, `GET /api/public/ping`
  - `POST /api/public/v1/analyze` (rate-limited)
  - `POST /api/public/v1/leads` (rate-limited)
- MCP endpoint: `POST /api/public/mcp`
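
A client-side guard for the rules above, so a key or token is only ever attached to the surface it belongs to. This is an added example, not grow.contact's own code: `auth_headers` is a hypothetical helper, and the assumption that keyed REST routes live under `/api/public/v1/` is inferred from the paths listed here.

```python
from urllib.parse import urlsplit

MCP_PATH = "/api/public/mcp"        # from the page
REST_PREFIX = "/api/public/v1/"     # assumption: keyed REST routes share this prefix
# Surfaces the page lists as needing no token.
PUBLIC = {
    ("GET", "/"), ("GET", "/llms.txt"), ("GET", "/sitemap.xml"),
    ("GET", "/api/public/v1/openapi.json"),
    ("GET", "/api/public/v1/readiness"), ("GET", "/api/public/ping"),
    ("POST", "/api/public/v1/analyze"), ("POST", "/api/public/v1/leads"),
}


def _clean(secret, name):
    # A missing secret, or one carrying CR/LF, must never reach a header.
    if not secret or "\r" in secret or "\n" in secret:
        raise ValueError(f"missing or malformed {name}")
    return secret


def auth_headers(method, url, api_key=None, mcp_token=None):
    """Return the credential headers for one request (hypothetical helper)."""
    parts = urlsplit(url)
    # Exact scheme/host match: rejects http://, look-alike hosts and userinfo tricks.
    if (parts.scheme != "https" or parts.hostname != "grow.contact"
            or parts.port not in (None, 443) or "@" in parts.netloc):
        raise ValueError(f"refusing to attach credentials for {url!r}")
    method, path = method.upper(), parts.path or "/"
    if (method, path) in PUBLIC:
        return {}  # public surface: send no secret even if one is configured
    if path == MCP_PATH:
        return {"Authorization": "Bearer " + _clean(mcp_token, "MCP token")}
    if path.startswith(REST_PREFIX):
        return {"x-api-key": _clean(api_key, "API key")}
    return {}  # no credential scheme documented for this path: send nothing
```
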

## For humans

- Sign in at [/login](https://grow.contact/login).
- Account settings live on the dashboard at [/dashboard](https://grow.contact/dashboard).
- API keys and MCP bearer tokens are issued on request via https://grow.contact/contact.

## Standards we implement

- [RFC 9728 — OAuth 2.0 Protected Resource Metadata](https://datatracker.ietf.org/doc/html/rfc9728)
- [Model Context Protocol (MCP) — Streamable HTTP](https://modelcontextprotocol.io/specification/2025-06-18/basic/transports)
- [llms.txt](https://llmstxt.org/)
- Cloudflare Content Signals (declared in `/robots.txt`)
