Kong · Capability

Kong Agent Onboarding

Kong Agent Onboarding — automated agent self-registration on Kong Enterprise Admin API. Verifies Web Bot Auth signatures (RFC 9421) against a trusted-issuer policy, composes Kong consumer + consumer_group + key-auth operations into a single scoped-credential issuance, and emits an audit event recording the agent identity, consent acknowledgement, and resulting credential. Companion to the API Evangelist agent-onboarding pattern. Runtime policy enforcement (signature verify, consent check, scope classify, audit emit) lives in the orchestration.steps below — each step that gates issuance carries on_failure: deny. Lint-time validation of this capability shape lives in the companion Polychro ruleset at https://github.com/api-evangelist/posts/blob/main/polychro/agent-onboarding-rules.yaml — Polychro is Naftiko's governance layer, separate from the capability spec, and is the correct home for cross-object consistency rules that apply across every agent-onboarding capability.

Tags: Kong, Agent Onboarding, Web Bot Auth, RFC 9421, RFC 7591, MCP, Naftiko Capability, Agent Skills

What You Can Do

POST /v1/agents/onboard (onboardagent): Verify the agent's Web Bot Auth signature, check the requested scopes against the declared policy, provision the Kong credential, and return it.

POST /v1/agents/{agent_id}/revoke (revokeagent): Revoke an issued credential.

MCP Tools

agent-register

Register an agent with the Kong-backed API surface and obtain a scoped API key. Requires a verified Web Bot Auth signature.

agent-revoke

Revoke an issued agent credential. Tool hint: idempotent.
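The verify_signature step in the spec below is declared as the builtin `builtin.web-bot-auth.verify` but its logic is not shown. The following Go program is an added example, not Naftiko's or Kong's code, of what that step has to do before issuance can proceed: rebuild the RFC 9421 signature base from the covered components, resolve the Signature-Agent issuer and keyid against the trusted-issuer policy, enforce the created/expires window and the web-bot-auth tag, and only then verify the Ed25519 signature. The Request and TrustedIssuers types, SignForDemo, NewDemoKey and the issuer-plus-keyid agent identity are assumptions of this example; a deployment loads the issuer's keys from its published key directory rather than from an in-memory map.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// Request is the slice of an inbound HTTP request the verifier needs; header
// names are lower-case, matching RFC 9421 component identifiers.
type Request struct {
	Method, Authority, Path string
	Headers                 map[string]string
}

// TrustedIssuers is the AGENT_TRUSTED_ISSUERS policy as a map: Signature-Agent
// value -> keyid -> Ed25519 key (assumed shape; deployments load it from each issuer's key directory).
type TrustedIssuers map[string]map[string]ed25519.PublicKey

type sigInput struct {
	label, raw string // raw is everything after "label=", reused verbatim as @signature-params
	components []string
	params     map[string]string
}

// parseSignatureInput accepts the single-signature form this capability expects:
// sig1=("@authority" "signature-agent");created=..;expires=..;keyid="..";alg="ed25519";tag="web-bot-auth"
func parseSignatureInput(v string) (*sigInput, error) {
	eq := strings.Index(v, "=")
	if eq < 0 || !strings.HasPrefix(strings.TrimSpace(v[eq+1:]), "(") || !strings.Contains(v, ")") {
		return nil, errors.New("missing or malformed Signature-Input")
	}
	si := &sigInput{label: strings.TrimSpace(v[:eq]), raw: strings.TrimSpace(v[eq+1:]), params: map[string]string{}}
	end := strings.Index(si.raw, ")")
	for _, c := range strings.Fields(si.raw[1:end]) {
		si.components = append(si.components, strings.Trim(c, `"`))
	}
	for _, p := range strings.Split(si.raw[end+1:], ";") {
		if kv := strings.SplitN(strings.TrimSpace(p), "=", 2); len(kv) == 2 {
			si.params[kv[0]] = strings.Trim(kv[1], `"`)
		}
	}
	return si, nil
}

// signatureBase rebuilds the RFC 9421 section 2.5 signature base: one line per
// covered component, then the @signature-params line with no trailing newline.
func signatureBase(req Request, si *sigInput) (string, error) {
	derived := map[string]string{"@method": req.Method, "@authority": req.Authority, "@path": req.Path}
	var b strings.Builder
	for _, c := range si.components {
		v, ok := derived[c]
		if !ok {
			v, ok = req.Headers[c]
		}
		if !ok {
			return "", fmt.Errorf("covered component %q is unavailable on this request", c)
		}
		fmt.Fprintf(&b, "\"%s\": %s\n", c, strings.TrimSpace(v))
	}
	fmt.Fprintf(&b, "\"@signature-params\": %s", si.raw)
	return b.String(), nil
}

// VerifyWebBotAuth is the verify_signature step: issuer and keyid must be in the
// policy, the tag must be web-bot-auth, the validity window must hold and the
// required components must be covered before the Ed25519 check runs. Any failure is a deny.
func VerifyWebBotAuth(req Request, trusted TrustedIssuers, now time.Time) (agentID, keyid string, err error) {
	si, err := parseSignatureInput(req.Headers["signature-input"])
	if err != nil {
		return "", "", err
	}
	issuer, keyid := strings.Trim(req.Headers["signature-agent"], `"`), si.params["keyid"]
	pub, trustedKey := trusted[issuer][keyid]
	created, e1 := strconv.ParseInt(si.params["created"], 10, 64)
	expires, e2 := strconv.ParseInt(si.params["expires"], 10, 64)
	covered := "," + strings.Join(si.components, ",") + ","
	switch {
	case !trustedKey:
		return "", "", fmt.Errorf("issuer %q / keyid %q is not in the trusted-issuer policy", issuer, keyid)
	case si.params["tag"] != "web-bot-auth", si.params["alg"] != "" && si.params["alg"] != "ed25519":
		return "", "", errors.New("not an ed25519 web-bot-auth signature")
	case e1 != nil, e2 != nil, now.Unix() < created, now.Unix() > expires:
		return "", "", errors.New("signature lacks created/expires or is outside its validity window")
	case !strings.Contains(covered, ",@authority,"), !strings.Contains(covered, ",signature-agent,"):
		return "", "", errors.New("signature must cover @authority and signature-agent")
	}
	base, err := signatureBase(req, si)
	if err != nil {
		return "", "", err
	}
	sigHdr := req.Headers["signature"]
	sig, derr := base64.StdEncoding.DecodeString(strings.TrimSuffix(strings.TrimPrefix(sigHdr, si.label+"=:"), ":"))
	if !strings.HasPrefix(sigHdr, si.label+"=:") || derr != nil || !ed25519.Verify(pub, []byte(base), sig) {
		return "", "", errors.New("signature does not verify against the issuer's key")
	}
	return issuer + "#" + keyid, keyid, nil // identity = issuer plus keyid is an assumption of this example
}

// SignForDemo builds a conforming onboarding request the way an agent would; the
// signing side is here only so the verifier can be exercised offline.
func SignForDemo(priv ed25519.PrivateKey, authority, issuer, keyid string, created, expires int64) Request {
	req := Request{Method: "POST", Authority: authority, Path: "/v1/agents/onboard", Headers: map[string]string{"signature-agent": `"` + issuer + `"`}}
	req.Headers["signature-input"] = fmt.Sprintf(`sig1=("@authority" "signature-agent");created=%d;expires=%d;keyid="%s";alg="ed25519";tag="web-bot-auth"`, created, expires, keyid)
	si, _ := parseSignatureInput(req.Headers["signature-input"])
	base, _ := signatureBase(req, si)
	req.Headers["signature"] = "sig1=:" + base64.StdEncoding.EncodeToString(ed25519.Sign(priv, []byte(base))) + ":"
	return req
}

// NewDemoKey mints a throwaway Ed25519 pair standing in for one key-directory entry.
func NewDemoKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func main() {
	pub, priv := NewDemoKey()
	trusted := TrustedIssuers{"https://claude.ai/": {"demo-key-1": pub}} // constructed policy
	req := SignForDemo(priv, "api.example.com", "https://claude.ai/", "demo-key-1", time.Now().Unix()-5, time.Now().Unix()+300)
	fmt.Println(VerifyWebBotAuth(req, trusted, time.Now()))
	req.Authority = "other.example.com" // the same signed headers presented to a different host
	_, _, err := VerifyWebBotAuth(req, trusted, time.Now())
	fmt.Println("presented to another authority:", err)
}
```

The cheap checks run first: an unknown issuer or keyid, a stale window or a missing covered component is rejected before any curve arithmetic, and a request whose authority differs from the one that was signed fails at base reconstruction because `@authority` is covered. That ordering is what lets the step carry `on_failure: deny` without ever touching Kong for a request that could not have come from a trusted agent.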

Capability Spec

kong-agent-onboarding.yaml
naftiko: 1.0.0-alpha2
info:
  label: Kong Agent Onboarding
  description: 'Kong Agent Onboarding — automated agent self-registration on Kong Enterprise Admin API.
    Verifies Web Bot Auth signatures (RFC 9421) against a trusted-issuer policy, composes Kong consumer +
    consumer_group + key-auth operations into a single scoped-credential issuance, and emits an audit
    event recording the agent identity, consent acknowledgement, and resulting credential. Companion to
    the API Evangelist agent-onboarding pattern. Runtime policy enforcement (signature verify, consent check, scope classify, audit emit) lives in the orchestration.steps below — each step that gates issuance carries on_failure: deny. Lint-time validation of this capability shape lives in the companion Polychro ruleset at https://github.com/api-evangelist/posts/blob/main/polychro/agent-onboarding-rules.yaml — Polychro is Naftiko''s governance layer, separate from the capability spec, and is the correct home for cross-object consistency rules that apply across every agent-onboarding capability.'
  tags:
  - Kong
  - Agent Onboarding
  - Web Bot Auth
  - RFC 9421
  - RFC 7591
  - MCP
  - Naftiko Capability
  - Agent Skills
  created: '2026-05-27'
  modified: '2026-05-27'
  related:
  - https://apievangelist.com/2026/05/27/automated-agent-onboarding-is-a-naftiko-capability-not-a-gateway-feature/
  - https://github.com/api-evangelist/kong
binds:
- namespace: env
  keys:
    KONG_API_KEY: KONG_API_KEY
    KONG_ADMIN_BASE_URI: KONG_ADMIN_BASE_URI
    AGENT_TRUSTED_ISSUERS: AGENT_TRUSTED_ISSUERS
    AGENT_CONSENT_DOC_URL: AGENT_CONSENT_DOC_URL
    AGENT_CONSENT_HASH: AGENT_CONSENT_HASH

capability:

  # ============================================================================
  # CONSUMES — upstream Kong Enterprise Admin API operations that this
  # capability composes to provision an agent's scoped credential.
  # ============================================================================
  consumes:
  - type: http
    namespace: kong-admin
    baseUri: '{{env.KONG_ADMIN_BASE_URI}}'
    description: Kong Enterprise Admin API — the four operations needed to provision a scoped
      consumer + group + key-auth credential for a verified agent identity.
    resources:

    - name: workspace-consumers
      path: /{workspace}/consumers
      operations:
      - name: createconsumer
        method: POST
        description: Create a Kong consumer record for the agent identity.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: workspace
          in: path
          type: string
          required: true
        - name: body
          in: body
          type: object
          description: '{ username, custom_id, tags }'
          required: true

    - name: workspace-consumer-groups
      path: /{workspace}/consumer_groups
      operations:
      - name: createconsumergroup
        method: POST
        description: Create a consumer_group representing the agent's scope tier.
          Idempotent — only invoked if the policy-declared tier doesn't already exist.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: workspace
          in: path
          type: string
          required: true
        - name: body
          in: body
          type: object
          description: '{ name, tags }'
          required: true

    - name: workspace-consumer-group-consumers
      path: /{workspace}/consumer_groups/{ConsumerGroupId}/consumers
      operations:
      - name: addconsumertoconsumergroup
        method: POST
        description: Bind the agent's consumer to the scope-tier consumer_group, inheriting
          its plugins (ACL, rate-limiting, request-validation).
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: workspace
          in: path
          type: string
          required: true
        - name: ConsumerGroupId
          in: path
          type: string
          required: true
        - name: body
          in: body
          type: object
          description: '{ consumer: { id } }'
          required: true

    - name: workspace-consumer-key-auth
      path: /{workspace}/consumers/{ConsumerIdForNestedEntities}/key-auth
      operations:
      - name: createkeyauth
        method: POST
        description: Mint the scoped API key for the agent. The returned `key` value is what
          the agent uses on subsequent calls; this value is returned to the agent exactly once.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: workspace
          in: path
          type: string
          required: true
        - name: ConsumerIdForNestedEntities
          in: path
          type: string
          required: true
        - name: body
          in: body
          type: object
          description: '{ key, ttl, tags }'
          required: false

    - name: workspace-consumer-key-auth-by-id
      path: /{workspace}/consumers/{ConsumerIdForNestedEntities}/key-auth/{KeyAuthId}
      operations:
      - name: deletekeyauth
        method: DELETE
        description: Revoke the agent's API key. Invoked when the agent calls its
          revocation_url. Addressed by key-auth id so only the named credential is removed.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: workspace
          in: path
          type: string
          required: true
        - name: ConsumerIdForNestedEntities
          in: path
          type: string
          required: true
        - name: KeyAuthId
          in: path
          type: string
          required: true

    - name: workspace-event-gateways-audit-produce
      path: /v1/event-gateways/{gatewayId}/topics/agent-audit/produce
      operations:
      - name: emitauditevent
        method: POST
        description: Emit an audit event to the Kong Event Gateway agent-audit topic recording
          the agent identity, the Web Bot Auth signature, the consent hash, the issued
          credential id, and the policy decision.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: gatewayId
          in: path
          type: string
          required: true
        - name: body
          in: body
          type: object
          required: true

    authentication:
      type: apikey
      key: Kong-Admin-Token
      value: '{{env.KONG_API_KEY}}'
      placement: header

  # ============================================================================
  # ORCHESTRATION — the multi-step flow that composes the consumed operations
  # into a single agent-onboarding business operation. Steps execute in order;
  # outputs of earlier steps are referenced by later steps via `${steps.<id>.<jsonpath>}`.
  # ============================================================================
  orchestration:
  - name: onboard-agent
    description: End-to-end agent onboarding — verify signature, ensure scope tier exists,
      provision consumer + group binding + key, emit audit, return credential.
    inputs:
    - name: signature
      type: object
      description: RFC 9421 HTTP Message Signature headers from the agent's request.
      required: true
    - name: signature_agent
      type: string
      description: Agent issuer (e.g., 'https://claude.ai/').
      required: true
    - name: skill_id
      type: string
      required: true
    - name: requested_scopes
      type: array
      required: true
    - name: consent_hash
      type: string
      required: true
    - name: contact
      type: object
      description: '{ operator, support_url, purpose }'
      required: true

    steps:

    - id: verify_signature
      type: builtin.web-bot-auth.verify
      description: Verify the RFC 9421 signature against the operator's published key directory.
      with:
        signature: ${input.signature}
        agent: ${input.signature_agent}
        trusted_issuers: '{{env.AGENT_TRUSTED_ISSUERS}}'
      on_failure: deny

    - id: verify_consent
      type: builtin.policy.assert
      description: Confirm the consent_hash matches the provider's currently-published consent document.
      with:
        assert: '${input.consent_hash} == {{env.AGENT_CONSENT_HASH}}'
      on_failure: deny

    - id: classify_scopes
      type: builtin.policy.scope-classify
      description: Map each requested scope to (auto-issue | approval-required | forbidden)
        per the provider's declared policy.
      with:
        requested: ${input.requested_scopes}
      output:
        auto: array
        approval: array
        forbidden: array
      on:
      - when: '${steps.classify_scopes.forbidden.length > 0}'
        do: deny
      - when: '${steps.classify_scopes.approval.length > 0}'
        do: defer-to-approval-webhook

    - id: create_consumer
      call: kong-admin.createconsumer
      description: Create the Kong consumer record for this agent.
      with:
        workspace: 'default'
        body:
          username: 'agent-${steps.verify_signature.agent_id}'
          custom_id: ${steps.verify_signature.agent_id}
          tags:
          - 'agent'
          - 'operator:${input.contact.operator}'
          - 'skill:${input.skill_id}'

    - id: ensure_consumer_group
      type: builtin.upsert
      description: Ensure the scope-tier consumer_group exists; idempotent.
      with:
        check_path: '/default/consumer_groups/${steps.classify_scopes.auto[0]}'
        create_call: kong-admin.createconsumergroup
        create_with:
          workspace: 'default'
          body:
            name: ${steps.classify_scopes.auto[0]}
            tags:
            - 'agent-scope-tier'

    - id: bind_consumer_to_group
      call: kong-admin.addconsumertoconsumergroup
      description: Bind the new consumer into the scope-tier group (inheriting plugins).
      with:
        workspace: 'default'
        ConsumerGroupId: ${steps.ensure_consumer_group.id}
        body:
          consumer:
            id: ${steps.create_consumer.id}

    - id: mint_credential
      call: kong-admin.createkeyauth
      description: Mint the scoped API key the agent will use. The key value is returned to
        the agent exactly once in the orchestration output and never logged at rest.
      with:
        workspace: 'default'
        ConsumerIdForNestedEntities: ${steps.create_consumer.id}
        body:
          ttl: 2592000   # 30 days; provider policy can override
          tags:
          - 'agent-credential'
          - 'operator:${input.contact.operator}'

    - id: emit_audit
      call: kong-admin.emitauditevent
      description: Record the onboarding act on the Event Gateway audit topic.
      with:
        gatewayId: 'default'
        body:
          event_type: 'agent.onboarded'
          agent_id: ${steps.verify_signature.agent_id}
          operator: ${input.contact.operator}
          support_url: ${input.contact.support_url}
          purpose: ${input.contact.purpose}
          skill_id: ${input.skill_id}
          scopes: ${steps.classify_scopes.auto}
          consent_hash: ${input.consent_hash}
          signature_keyid: ${steps.verify_signature.keyid}
          credential_id: ${steps.mint_credential.id}

    output:
      agent_id: ${steps.verify_signature.agent_id}
      consumer_id: ${steps.create_consumer.id}
      consumer_group_id: ${steps.ensure_consumer_group.id}
      credential:
        type: 'Bearer'
        value: ${steps.mint_credential.key}
        expires_at: ${steps.mint_credential.expires_at}
        revocation_url: '/v1/agents/${steps.verify_signature.agent_id}/revoke'
      scopes: ${steps.classify_scopes.auto}
      rate_limit: ${steps.ensure_consumer_group.rate_limit}
      audit_id: ${steps.emit_audit.id}
      terms_acknowledged: ${input.consent_hash}

  - name: revoke-agent
    description: Revoke an issued credential when the agent calls revocation_url.
    inputs:
    - name: agent_id
      type: string
      required: true
    - name: credential_id
      type: string
      required: true
    steps:
    - id: delete_key
      call: kong-admin.deletekeyauth
      with:
        workspace: 'default'
        ConsumerIdForNestedEntities: 'agent-${input.agent_id}'   # the consumer username chosen at onboarding; Kong accepts username or id in this path segment
        KeyAuthId: ${input.credential_id}
    - id: emit_revoke_audit
      call: kong-admin.emitauditevent
      with:
        gatewayId: 'default'
        body:
          event_type: 'agent.revoked'
          agent_id: ${input.agent_id}
          credential_id: ${input.credential_id}
    output:
      revoked: true
      audit_id: ${steps.emit_revoke_audit.id}

  # ============================================================================
  # EXPOSES — downstream surfaces this capability publishes for agent and
  # human consumers. The /v1/agents/onboard REST endpoint and the
  # agent-register MCP tool both call the onboard-agent orchestration above.
  # ============================================================================
  exposes:
  - type: rest
    namespace: kong-agent-onboarding-rest
    port: 8080
    description: REST surface for automated agent onboarding. Verifies Web Bot Auth signatures
      on inbound requests; one round trip from request to issued credential for auto-issuable scopes.
    resources:
    - path: /v1/agents/onboard
      name: agents-onboard
      description: Agent self-registration endpoint.
      operations:
      - method: POST
        name: onboardagent
        description: Verify the agent's Web Bot Auth signature, check the requested scopes
          against the declared policy, provision the Kong credential, and return it.
        call: orchestration.onboard-agent
        with:
          signature: rest.headers.signature
          signature_agent: rest.headers.signature-agent
          skill_id: rest.body.skill_id
          requested_scopes: rest.body.scopes
          consent_hash: rest.body.consent_hash
          contact: rest.body.contact
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/agents/{agent_id}/revoke
      name: agents-revoke
      description: Revoke the credential issued during onboarding.
      operations:
      - method: POST
        name: revokeagent
        description: Revoke an issued credential.
        call: orchestration.revoke-agent
        with:
          agent_id: rest.agent_id
          credential_id: rest.body.credential_id

  - type: mcp
    namespace: kong-agent-onboarding-mcp
    port: 9090
    transport: http
    description: MCP surface for agent onboarding. Exposes agent-register and agent-revoke
      as tools an MCP client can call directly.
    tools:
    - name: agent-register
      description: Register an agent with the Kong-backed API surface and obtain a scoped API key.
        Requires a verified Web Bot Auth signature.
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: orchestration.onboard-agent
      with:
        signature: tools.signature
        signature_agent: tools.signature_agent
        skill_id: tools.skill_id
        requested_scopes: tools.requested_scopes
        consent_hash: tools.consent_hash
        contact: tools.contact
      outputParameters:
      - type: object
        mapping: $.
    - name: agent-revoke
      description: Revoke an issued agent credential.
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: orchestration.revoke-agent
      with:
        agent_id: tools.agent_id
        credential_id: tools.credential_id

  - type: agent-skill
    namespace: kong-agent-onboarding-skills
    description: Agent skill published at /skills/onboard-agent.md. The skill is the
      published operating manual that tells a compatible agent how to construct the
      onboarding request — including how to compute the consent hash, sign the request
      per RFC 9421, and handle 202-Accepted approval-deferred responses.
    skill:
      name: onboard-agent
      description: Register this agent with the API provider and obtain a scoped credential.
      file: skills/onboard-agent.md
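The verify_consent and classify_scopes steps above each carry on_failure: deny, and classify_scopes adds two `on:` conditions (any forbidden scope denies, any approval-required scope defers). This Go program is an added example, not part of the capability or of Naftiko, of one gate that applies those rules in the spec's order. The ScopePolicy shape, the Gate function, the SHA-256-hex encoding of the consent hash and the sample scopes are assumptions of the example; the spec fixes only the outcomes. It also goes slightly beyond the spec text in treating a scope that appears in neither policy bucket as forbidden rather than silently dropping it.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"sort"
)

// Decision is the outcome of the pre-issuance gate, named after the spec's
// on_failure / on: targets.
type Decision string

const (
	Deny  Decision = "deny"
	Defer Decision = "defer-to-approval-webhook"
	Issue Decision = "issue"
)

// ScopePolicy is the provider's declared policy (assumed shape). A scope absent
// from both sets is forbidden: an unknown scope is never ignored or passed through.
type ScopePolicy struct {
	AutoIssue        map[string]bool
	ApprovalRequired map[string]bool
}

// Classification is the classify_scopes output: auto | approval | forbidden.
type Classification struct {
	Auto, Approval, Forbidden []string
}

// ClassifyScopes maps each requested scope to exactly one bucket. Duplicates are
// collapsed and buckets sorted so the audit record is deterministic.
func ClassifyScopes(p ScopePolicy, requested []string) Classification {
	seen := map[string]bool{}
	var c Classification
	for _, s := range requested {
		if seen[s] {
			continue
		}
		seen[s] = true
		switch {
		case p.AutoIssue[s]:
			c.Auto = append(c.Auto, s)
		case p.ApprovalRequired[s]:
			c.Approval = append(c.Approval, s)
		default:
			c.Forbidden = append(c.Forbidden, s)
		}
	}
	sort.Strings(c.Auto)
	sort.Strings(c.Approval)
	sort.Strings(c.Forbidden)
	return c
}

// ConsentHash is what an agent must present: SHA-256 of the published consent
// document, hex-encoded (the encoding is an assumption; the spec only requires
// equality with AGENT_CONSENT_HASH).
func ConsentHash(doc []byte) string {
	sum := sha256.Sum256(doc)
	return hex.EncodeToString(sum[:])
}

// ConsentMatches compares in constant time so a mismatch does not reveal how
// many leading characters of the published hash the caller got right.
func ConsentMatches(presented, published string) bool {
	return subtle.ConstantTimeCompare([]byte(presented), []byte(published)) == 1
}

// Gate runs verify_consent then classify_scopes and returns the decision, the
// classification (for the audit event) and a reason string for the deny/defer path.
func Gate(p ScopePolicy, publishedHash, presentedHash string, requested []string) (Decision, Classification, string) {
	if !ConsentMatches(presentedHash, publishedHash) {
		return Deny, Classification{}, "consent_hash does not match the currently published consent document"
	}
	c := ClassifyScopes(p, requested)
	switch {
	case len(c.Forbidden) > 0:
		return Deny, c, fmt.Sprintf("forbidden scopes requested: %v", c.Forbidden)
	case len(c.Approval) > 0:
		return Defer, c, fmt.Sprintf("scopes need human approval: %v", c.Approval)
	case len(c.Auto) == 0:
		return Deny, c, "no issuable scopes requested"
	}
	return Issue, c, ""
}

func main() {
	// Constructed sample policy and consent document.
	policy := ScopePolicy{
		AutoIssue:        map[string]bool{"read:catalog": true, "read:pricing": true},
		ApprovalRequired: map[string]bool{"write:orders": true},
	}
	published := ConsentHash([]byte("Agent terms v3: read-only access, no data retention."))
	for _, req := range [][]string{
		{"read:catalog", "read:catalog"},
		{"read:catalog", "write:orders"},
		{"read:catalog", "admin:*"},
	} {
		d, c, why := Gate(policy, published, published, req)
		fmt.Printf("%-30v -> %-26s auto=%v %s\n", req, d, c.Auto, why)
	}
	d, _, why := Gate(policy, published, "stale-hash", []string{"read:catalog"})
	fmt.Println("stale consent hash ->", d, why)
}
```

The consent check runs before classification because it is the cheaper and more decisive test: an agent that acknowledged an outdated document gets no scope evaluation at all, which keeps the deny path free of information about which scopes the policy would have granted.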
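The create_consumer, ensure_consumer_group, bind_consumer_to_group, mint_credential and emit_audit steps compose the consumed Kong Admin operations in a fixed order. This Go program is an added example, not the capability's runtime and not Kong's client, that runs that composition against an in-memory stand-in for the Admin API so the ordering, the idempotent group upsert and the audit shape can be checked offline. The KongAdmin interface, the fakeKong type and the id format are assumptions of the example; a production implementation would issue the HTTP calls the spec declares against KONG_ADMIN_BASE_URI with the Kong-Admin-Token header. As the mint_credential description requires, the audit event carries credential_id but never the key value.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// KongAdmin is the slice of the Kong Enterprise Admin API the onboard-agent
// orchestration consumes (assumed interface; the HTTP client is not shown).
type KongAdmin interface {
	CreateConsumer(workspace, username, customID string, tags []string) (id string, err error)
	FindConsumerGroup(workspace, name string) (id string, found bool)
	CreateConsumerGroup(workspace, name string, tags []string) (id string, err error)
	AddConsumerToGroup(workspace, groupID, consumerID string) error
	CreateKeyAuth(workspace, consumerID string, ttl int, tags []string) (id, key string, err error)
	EmitAudit(gatewayID string, event map[string]string) (id string, err error)
}

// OnboardResult is the orchestration output; Key reaches the agent exactly once.
type OnboardResult struct{ AgentID, ConsumerID, ConsumerGroupID, CredentialID, Key, AuditID string }

// OnboardAgent runs create_consumer -> ensure_consumer_group -> bind_consumer_to_group
// -> mint_credential -> emit_audit for scopes the gate already classified as auto-issuable.
func OnboardAgent(k KongAdmin, agentID, operator, skillID, keyid, consentHash string, autoScopes []string) (r OnboardResult, err error) {
	if len(autoScopes) == 0 {
		return r, errors.New("nothing to issue: the scope gate should have denied")
	}
	r.AgentID = agentID
	if r.ConsumerID, err = k.CreateConsumer("default", "agent-"+agentID, agentID, []string{"agent", "operator:" + operator, "skill:" + skillID}); err != nil {
		return OnboardResult{}, err
	}
	tier := autoScopes[0] // the spec names the tier group after the first auto-issuable scope
	if id, found := k.FindConsumerGroup("default", tier); found {
		r.ConsumerGroupID = id // idempotent: an existing tier group is reused, never duplicated
	} else if r.ConsumerGroupID, err = k.CreateConsumerGroup("default", tier, []string{"agent-scope-tier"}); err != nil {
		return OnboardResult{}, err
	}
	if err = k.AddConsumerToGroup("default", r.ConsumerGroupID, r.ConsumerID); err != nil {
		return OnboardResult{}, err
	}
	if r.CredentialID, r.Key, err = k.CreateKeyAuth("default", r.ConsumerID, 2592000, []string{"agent-credential", "operator:" + operator}); err != nil {
		return OnboardResult{}, err
	}
	// The audit event records credential_id and the signing keyid, never the key value.
	r.AuditID, err = k.EmitAudit("default", map[string]string{
		"event_type": "agent.onboarded", "agent_id": agentID, "operator": operator, "skill_id": skillID,
		"consent_hash": consentHash, "signature_keyid": keyid, "credential_id": r.CredentialID,
	})
	if err != nil {
		return OnboardResult{}, err
	}
	return r, nil
}

// fakeKong is a constructed in-memory Admin API, enough to run the composition offline.
type fakeKong struct {
	consumers, groups, keys map[string]string   // username -> id, group name -> id, key id -> consumer id
	members                 map[string][]string // group id -> bound consumer ids
	Audit                   []map[string]string
}

func newFakeKong() *fakeKong {
	return &fakeKong{consumers: map[string]string{}, groups: map[string]string{}, keys: map[string]string{}, members: map[string][]string{}}
}

func newID() string {
	b := make([]byte, 8)
	_, _ = rand.Read(b)
	return hex.EncodeToString(b)
}

func (f *fakeKong) CreateConsumer(_, username, _ string, _ []string) (string, error) {
	if _, dup := f.consumers[username]; dup {
		return "", fmt.Errorf("consumer %q already exists", username) // Kong answers 409 for a duplicate username
	}
	f.consumers[username] = newID()
	return f.consumers[username], nil
}
func (f *fakeKong) FindConsumerGroup(_, name string) (string, bool) { id, ok := f.groups[name]; return id, ok }
func (f *fakeKong) CreateConsumerGroup(_, name string, _ []string) (string, error) {
	f.groups[name] = newID()
	return f.groups[name], nil
}
func (f *fakeKong) AddConsumerToGroup(_, g, c string) error { f.members[g] = append(f.members[g], c); return nil }
func (f *fakeKong) CreateKeyAuth(_, consumerID string, _ int, _ []string) (string, string, error) {
	id := newID()
	f.keys[id] = consumerID
	return id, "key-" + newID(), nil
}
func (f *fakeKong) EmitAudit(_ string, ev map[string]string) (string, error) { f.Audit = append(f.Audit, ev); return newID(), nil }

func main() {
	k := newFakeKong()
	r, err := OnboardAgent(k, "example-agent", "Example Operator", "onboard-agent", "demo-key-1", "constructed-consent-hash", []string{"read:catalog"})
	fmt.Printf("credential %s issued (err=%v); audit mentions the key value: %v\n", r.CredentialID, err, k.Audit[0]["key"] != "")
}
```

Running two agents into the same tier shows the upsert doing its job (one consumer group, two members), while a repeat onboarding of the same agent_id fails at create_consumer, which is the point at which a real Kong returns 409 and the orchestration should stop rather than mint a second key.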