Tool Authorization Protocol
Every API call an agent makes carries your credentials. TAP replaces raw tokens with named credential references, enforces approval policies on writes, and ensures the agent never handles the raw credential.
TAP sits between agents and services: agents reference credentials by name, TAP resolves and injects the real token without surfacing it, and write requests are held for human approval per configured policy — the approver sees the full payload before the request is forwarded.
Before and After
Your agent’s code barely changes:
# Before: agent holds the raw credential
Authorization: Bearer xoxb-your-slack-bot-token
# After: agent uses a name, TAP handles the rest
X-TAP-Credential: slack
X-TAP-Target: https://slack.com/api/chat.postMessage
X-TAP-Method: POST

- Human-in-the-loop approval — TAP can send you a Telegram message with the exact payload and Approve / Deny buttons before a request goes through. Configurable per credential.
- Credential isolation — agents never see actual secret values, so a jailbroken or compromised agent can’t exfiltrate your Gmail, Slack, or Mercury tokens
- Response sanitization — if an API response includes your token (e.g. an OAuth introspection endpoint), TAP strips it before the agent sees it
- Audit trail — every request logged with agent, credential, approval status, and latency
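
The flow described above (named credential, write approval, token injection, response sanitization), modeled as an added example that is not TAP's own code. The `broker` function, the vault layout, the per-credential host allow-list and the set of write methods are assumptions of this sketch; only the `X-TAP-*` header names come from this page.

```python
from urllib.parse import urlsplit

# Constructed vault: credential name -> secret and policy. All values are made up.
VAULT = {
    "slack": {
        "token": "xoxb-constructed-example-token",
        "hosts": {"slack.com"},      # assumption: per-credential target allow-list
        "approve_writes": True,      # assumption: policy flag for write approval
    },
}
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}  # assumption: what counts as a write


def broker(headers, body, approve, send, vault=VAULT):
    """Resolve a named credential, gate writes, inject the token, scrub the reply.

    approve(name, method, target, body) -> bool   stands in for the human approver
    send(method, target, headers, body) -> str    stands in for the upstream call
    """
    name = headers.get("X-TAP-Credential")
    target = headers.get("X-TAP-Target", "")
    method = headers.get("X-TAP-Method", "GET").upper()
    cred = vault.get(name)
    if cred is None:
        return 403, "unknown credential"
    url = urlsplit(target)
    if url.scheme != "https" or url.hostname not in cred["hosts"]:
        return 403, "target not allowed for this credential"
    # The approver is shown the exact payload that would be forwarded.
    if method in WRITE_METHODS and cred["approve_writes"]:
        if not approve(name, method, target, body):
            return 403, "denied by approver"
    # Drop the agent's X-TAP-* and Authorization headers; only the broker sets auth.
    upstream = {k: v for k, v in headers.items()
                if not k.lower().startswith("x-tap-") and k.lower() != "authorization"}
    upstream["Authorization"] = "Bearer " + cred["token"]
    reply = send(method, target, upstream, body)
    # Response sanitization: the literal token never reaches the agent.
    return 200, reply.replace(cred["token"], "[REDACTED]")
```

Literal string replacement only catches the token verbatim; an encoded copy of it in a response would need separate handling.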
Managed hosting at tap.human.tech is the recommended way to get started. Self-hosting is source-available under FSL (free to use and self-host; MIT two years after each release).
Get Started
→ Quickstart: be running in 5 minutes
Already have dashboard access? Give your agent these two lines:
TAP API key: <API key from the dashboard>
TAP instructions: https://proxy.tap.human.tech/instructions

Your agent fetches that URL and discovers how to use your configured services — no custom integration code needed.
- Credential Setup Guides — how to get keys for Gmail, Twitter/X, Slack, Telegram, Mercury, and others
- Policies & Approval — customize which requests need human approval
- How It Works — architecture and request flow
- API Reference — full endpoint documentation
- Self-Hosting — run TAP on your own infrastructure