Skip to main content

Documentation Index

Fetch the complete documentation index at: https://agentclientprotocol.com/llms.txt

Use this file to discover all available pages before exploring further.

ACP authentication is negotiated during initialization. Agents advertise available authentication methods in authMethods, Clients choose one by calling authenticate, and Agents that support ending an authenticated state advertise the logout capability.

Advertising Authentication

Agents advertise authentication options in the authMethods field of the initialize response. Each method has an id that the Client passes back to the Agent in a later authenticate request. Agents that support logout also advertise agentCapabilities.auth.logout: 
{
  "jsonrpc": "2.0",
  "id": 0,
  "result": {
    "protocolVersion": 1,
    "agentCapabilities": {
      "auth": {
        "logout": {}
      }
    },
    "authMethods": [
      {
        "id": "agent-login",
        "name": "Agent login",
        "description": "Sign in using the agent's login flow"
      }
    ]
  }
}
If agentCapabilities.auth.logout is omitted or null, the Agent does not support logout and Clients MUST NOT call it. Supplying {} means the Agent supports the method.

Authentication Method Types

The default authentication method type is agent, where the Agent handles authentication itself. When no type is present, the method is treated as agent: 
{
  "id": "agent-login",
  "name": "Agent login",
  "description": "Sign in using the agent's login flow"
}
An explicit "type": "agent" is also accepted but not required. See the schema for the full stable AuthMethod definition.

Authenticating

When an Agent requires authentication before allowing session creation, the Client calls authenticate with one of the advertised authentication method IDs: 
{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "authenticate",
  "params": {
    "methodId": "agent-login"
  }
}
methodId
string
required
The ID of the authentication method to use. This value must match one of the methods advertised in the initialize response.
On success, the Agent returns an empty result: 
{
  "jsonrpc": "2.0",
  "id": 1,
  "result": {}
}
After successful authentication, the Client can create new sessions without receiving an auth_required error for authentication-gated requests.

Logging Out

The logout method allows Clients to end the current authenticated state. Clients should only call it after verifying the Agent advertised agentCapabilities.auth.logout during initialization. 
{
  "jsonrpc": "2.0",
  "id": 2,
  "method": "logout",
  "params": {}
}
On success, the Agent returns an empty result: 
{
  "jsonrpc": "2.0",
  "id": 2,
  "result": {}
}
After a successful logout, new sessions that require authentication will require the Client to call authenticate again.

Active Sessions

The protocol does not guarantee what happens to already-running sessions after logout. Agents may terminate them, keep them running, or return auth_required errors for future session activity. Clients SHOULD be prepared for active session operations to fail with authentication-related errors after logout and should prompt the user to authenticate again when appropriate.