Issue scoped, short-lived credentials to your AI agents. Test their access, verify their behavior, and audit every call — from one control plane.
Fullmakt is a credential broker for AI agents. It issues scoped, short-lived credentials to your agents on demand, verifies their access on every request, and records a tamper-proof audit of every call — so your secrets never reach the model and every action stays attributable.
Broker credentials, prove they work, and prove what they did — without writing your own auth layer.
Mint short-lived, scoped credentials for each agent. Rotate, revoke, and expire on demand — secrets never touch the model.
Simulate agent calls against your APIs before they ship. Confirm scopes, expirations, and downstream behavior in a sandbox.
Continuously verify agent identity, scope, and policy compliance on every request. Block anything that drifts off-policy.
Every issuance, call, and revocation is logged with cryptographic chaining. Answer "which agent did what, when, on whose behalf?" instantly.
Define what each agent can touch — by endpoint, method, rate, or data class. Least-privilege by default, configurable per workflow.
Drop-in support for MCP servers, OAuth 2.1, and OIDC providers. Bring your existing IdP — agents inherit the same trust model.
Fullmakt speaks the protocols your agent already does. Point it at one URL and it can discover the rest on its own.
An Agent2Agent server with a well-known Agent Card. Your agent builds out collections, policies, and identities — while vault credentials stay human-only.
Every collection doubles as a remote MCP server: its requests become tools, brokered through your policies with short-lived credentials.
Client-credentials tokens scoped to a workspace or a single collection, expiring in an hour. Standard well-known metadata for spec-following clients.
curl https://fullmakt.ai/.well-known/agent-card.json
Full walkthrough in the agent docs — or create an account and open Governance → Connect.
No plans, no minimums, no feature gates. Usage is metered and billed at the end of each month — our infrastructure cost plus a small margin. Try everything first in the no-card sandbox.
Every feature included. You're charged per operation:
Add a card when you're ready. Remove it or leave anytime — any remaining usage is settled on a final invoice.
Try the sandbox — no cardJoin teams brokering credentials for AI agents with Fullmakt — least privilege, fully audited, by default.
Create Free AccountA credential broker issues scoped, short-lived credentials to AI agents on demand, so the agent (and the model behind it) never holds your long-lived API keys or secrets. Fullmakt mints, rotates, and revokes these credentials, enforces what each agent may do, and records every call in a tamper-proof audit log.
Identity providers authenticate users and services. Fullmakt sits one layer out: it brokers per-agent access to your APIs — scoped by endpoint, method, rate, and data class — and proves what each agent did. You can keep your existing IdP; agents inherit the same trust model through OAuth 2.1, OIDC, and MCP.
No. The agent receives a short-lived, scoped credential rather than your real API keys. Secrets stay on the control plane, are never exposed to the model, and can be rotated or revoked at any time.
Through two standard protocol surfaces: an Agent2Agent (A2A) management server, discovered via the Agent Card, and per-collection MCP servers that turn your requests into tools. Both authenticate with OAuth 2.0 client credentials that a human provisions in the app — the full walkthrough is in the agent docs.
Fullmakt is pay-as-you-go — there's no flat plan and no minimum. You're billed at the end of each month only for what you use: per request sent through the broker, per AI-generated collection, and per endpoint generated, at our infrastructure cost plus a small margin. Every feature is included. Try it all first in the no-card sandbox; when you're ready, add a card. Remove the card or leave anytime and any remaining usage is settled on a final invoice.
Have a question or feedback? Send us a message and we'll get back to you.