Tool Authorization Protocol
Give your AI agent access to any API — without giving it your keys.
TAP is an open-source proxy that sits between your agent and external APIs. Your agent references credentials by name. The proxy injects real secrets, enforces approval policies, and scrubs credentials from responses. If the agent is compromised, your keys stay safe.
Before and After
Your agent’s code barely changes — swap the raw secret for a name:
# Before: agent holds the raw key
Authorization: Bearer sk-live-a1b2c3d4e5f6...
# After: agent uses a name, proxy injects the key
X-TAP-Credential: openai
X-TAP-Target: https://api.openai.com/v1/chat/completions

- Credential isolation — agents never see actual secrets
- Configurable policies — auto-approve reads, require human approval for writes, or customize per credential
- Response sanitization — scrubs credential values from API responses before they reach the agent
- Audit trail — every request logged with agent, credential, approval status, and latency
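
The request path these bullets describe, as an added Python sketch that is not TAP's own code. Assumptions: "reads" means GET/HEAD/OPTIONS, the secret is injected as a Bearer token, each credential is bound to one host, and the names `VAULT`, `build_upstream`, `scrub` and `Denied` are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample vault: credential name -> (secret, allowed host). Not a real key.
VAULT = {"openai": ("sk-test-CONSTRUCTED-000", "api.openai.com")}
READ_METHODS = {"GET", "HEAD", "OPTIONS"}  # assumption: "reads" = safe HTTP methods


class Denied(Exception):
    """Raised when the proxy refuses to forward a request."""


def build_upstream(method, headers, approved=False):
    """Turn an agent request (names only) into the upstream request (real secret)."""
    name = headers.get("X-TAP-Credential")
    target = headers.get("X-TAP-Target", "")
    if name not in VAULT:
        raise Denied("unknown credential name")
    secret, allowed_host = VAULT[name]
    url = urlsplit(target)
    # Assumption (not stated on the page): bind each credential to its expected
    # host over HTTPS, so the secret is only ever sent to that service.
    if url.scheme != "https" or url.hostname != allowed_host:
        raise Denied("target not allowed for this credential")
    # Policy: auto-approve reads, require human approval for writes.
    if method.upper() not in READ_METHODS and not approved:
        raise Denied("write requires human approval")
    # Drop the proxy's control headers and any Authorization the agent supplied.
    upstream = {k: v for k, v in headers.items()
                if not k.lower().startswith("x-tap-") and k.lower() != "authorization"}
    upstream["Authorization"] = f"Bearer {secret}"
    return target, upstream


def scrub(body, name):
    """Remove the credential value from a response body before the agent sees it."""
    secret, _ = VAULT[name]
    return body.replace(secret, "[REDACTED]")
```
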
Managed hosting at toolsec.org runs in hardware enclaves where encryption keys never leave the chip. Self-hosted is MIT licensed and free forever. Both use the same proxy and the same agent interface.
Get Started
Follow the Quickstart to be up and running in 5 minutes.
- Credential Setup Guides — where to get API keys for each service
- How It Works — architecture and request flow
- Policies & Approval — customize approval rules
- API Reference — full endpoint documentation