> ## Documentation Index
> Fetch the complete documentation index at: https://agenticadvertisingorg-snap-format-preview-links.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Per-agent authorization pull

> Default endpoint for verification consumers (DSPs, sales houses, agencies). Returns the rows where the requested agent appears as `agent_url` — typically ≤ a few hundred. Pair with `/api/registry/feed?entity_type=authorization` to tail subsequent changes via the `X-Sync-Cursor` header.

**evidence** defaults to `adagents_json` only. `agent_claim` is opt-in (`?evidence=adagents_json,agent_claim`) to prevent buy-side trust misuse — see specs/registry-authorization-model.md.



## OpenAPI

````yaml /static/openapi/registry.yaml get /api/registry/authorizations
openapi: 3.1.0
info:
  title: AgenticAdvertising.org Registry API
  description: >-
    REST API for the AgenticAdvertising.org registry. Resolve brands,

    discover properties, look up agents, and validate authorization in the

    AdCP ecosystem.


    Most endpoints are public and require no authentication. Endpoints marked

    with a lock icon accept either an organization API key or a user JWT

    obtained via the OAuth 2.1 flow — see
    [Authentication](https://agenticadvertising.org/docs/registry/index#authentication).


    **Base URL:** `https://agenticadvertising.org`
  version: 1.0.0
  contact:
    name: AgenticAdvertising.org
    url: https://agenticadvertising.org
servers:
  - url: https://agenticadvertising.org
    description: Production
security: []
tags:
  - name: Onboarding
    description: >-
      Explicitly bootstrap a third-party integration into the AAO registry. Most
      callers don't need this tag — `POST /api/me/agents` auto-creates the org
      (for fresh users) and the member profile (for first-time agent
      registration) without a separate round trip. Use `POST /api/organizations`
      only when you need to override the auto-derived org name / company_type /
      revenue_tier. Tier transitions happen via the billing flow only; the
      Stripe webhook is the sole writer of `organizations.membership_tier`.
  - name: Member Agents
    description: >-
      Register, list, update, and remove agents on the caller's organization
      member profile. Authenticated programmatic surface for CI / scripts that
      don't want to round-trip the full member profile.
  - name: Brand Resolution
    description: Resolve advertiser domains to canonical brand identities.
  - name: Property Resolution
    description: >-
      Resolve publisher domains to their property configurations and authorized
      agents.
  - name: Agent Discovery
    description: >-
      Browse the federated agent network, search agent inventory profiles,
      publisher index, and registry statistics.
  - name: Change Feed
    description: Poll cursor-based registry change events for local sync.
  - name: Lookups & Authorization
    description: >-
      Look up agents by domain or property, and validate ad-serving
      authorization.
  - name: Validation Tools
    description: >-
      Validate publisher adagents.json files and generate compliant
      configurations.
  - name: Community Mirrors
    description: >-
      Publish, fetch, list, and retire catalog-only adagents.json mirrors for
      platforms that have not adopted AdCP.
  - name: Search
    description: Cross-entity search across brands, publishers, agents, and properties.
  - name: Agent Probing
    description: >-
      Connect to live agents and inspect their capabilities, formats, and
      inventory.
  - name: Brand Discovery
    description: Discover and crawl brand.json files across domains.
  - name: Agent Compliance
    description: Agent compliance status, storyboard test results, and compliance history.
  - name: Policy Registry
    description: >-
      Browse, resolve, and contribute governance policies for campaign
      compliance.
paths:
  /api/registry/authorizations:
    get:
      tags:
        - Change Feed
      summary: Per-agent authorization pull
      description: >-
        Default endpoint for verification consumers (DSPs, sales houses,
        agencies). Returns the rows where the requested agent appears as
        `agent_url` — typically ≤ a few hundred. Pair with
        `/api/registry/feed?entity_type=authorization` to tail subsequent
        changes via the `X-Sync-Cursor` header.


        **evidence** defaults to `adagents_json` only. `agent_claim` is opt-in
        (`?evidence=adagents_json,agent_claim`) to prevent buy-side trust misuse
        — see specs/registry-authorization-model.md.
      operationId: getAgentAuthorizations
      parameters:
        - schema:
            type: string
            description: >-
              Agent URL to look up. Canonicalized server-side (lowercased,
              trailing slashes trimmed).
          required: true
          description: >-
            Agent URL to look up. Canonicalized server-side (lowercased,
            trailing slashes trimmed).
          name: agent_url
          in: query
        - schema:
            type: string
            enum:
              - raw
              - effective
            description: >-
              `effective` (default) applies override layer; `raw` reads base
              table.
          required: false
          description: >-
            `effective` (default) applies override layer; `raw` reads base
            table.
          name: include
          in: query
        - schema:
            type: string
            description: Comma-separated evidence allowlist. Defaults to `adagents_json`.
            example: adagents_json,agent_claim
          required: false
          description: Comma-separated evidence allowlist. Defaults to `adagents_json`.
          name: evidence
          in: query
      responses:
        '200':
          description: Authorization rows for the agent.
          headers:
            X-Sync-Cursor:
              description: >-
                UUIDv7 cursor for the authorization change feed at snapshot
                time. Pass to
                /api/registry/feed?entity_type=authorization&cursor=<value>.
              schema:
                type: string
          content:
            application/json:
              schema:
                type: object
                properties:
                  agent_url:
                    type: string
                  evidence:
                    type: array
                    items:
                      type: string
                  include:
                    type: string
                    enum:
                      - raw
                      - effective
                  rows:
                    type: array
                    items:
                      type: object
                      properties:
                        id:
                          type: string
                          format: uuid
                        agent_url:
                          type: string
                        agent_url_canonical:
                          type: string
                        property_rid:
                          type:
                            - string
                            - 'null'
                          format: uuid
                        property_id_slug:
                          type:
                            - string
                            - 'null'
                        publisher_domain:
                          type:
                            - string
                            - 'null'
                        authorized_for:
                          type:
                            - string
                            - 'null'
                        evidence:
                          type: string
                        disputed:
                          type: boolean
                        created_by:
                          type:
                            - string
                            - 'null'
                        expires_at:
                          type:
                            - string
                            - 'null'
                          format: date-time
                        created_at:
                          type: string
                          format: date-time
                        updated_at:
                          type: string
                          format: date-time
                        override_applied:
                          type: boolean
                        override_reason:
                          type:
                            - string
                            - 'null'
                      required:
                        - id
                        - agent_url
                        - agent_url_canonical
                        - property_rid
                        - property_id_slug
                        - publisher_domain
                        - authorized_for
                        - evidence
                        - disputed
                        - created_by
                        - expires_at
                        - created_at
                        - updated_at
                        - override_applied
                        - override_reason
                  count:
                    type: integer
                required:
                  - agent_url
                  - evidence
                  - include
                  - rows
                  - count
        '400':
          description: >-
            Validation error (missing/empty agent_url, unknown evidence, unknown
            include)
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
        '401':
          description: Authentication required
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
      security:
        - bearerAuth: []
        - oauth2: []
components:
  schemas:
    Error:
      type: object
      properties:
        error:
          type: string
      required:
        - error
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      description: >-
        Bearer token in the `Authorization` header. Two token types are
        accepted:


        - **Organization API key** (`sk_...`) issued via the dashboard.
        Org-scoped, long-lived, for server-to-server use.

        - **User JWT** obtained via the OAuth 2.1 authorization code flow with
        PKCE. User-scoped, short-lived. Discover the authorization server at
        `/.well-known/oauth-authorization-server` and the protected-resource
        metadata at `/.well-known/oauth-protected-resource/api`.
    oauth2:
      type: oauth2
      description: >-
        OAuth 2.1 authorization code flow with PKCE. Users authenticate via
        AuthKit and clients receive a Bearer JWT that authorizes both the MCP
        endpoint and this REST API. Dynamic client registration is supported at
        `/register`.
      flows:
        authorizationCode:
          authorizationUrl: https://agenticadvertising.org/authorize
          tokenUrl: https://agenticadvertising.org/token
          refreshUrl: https://agenticadvertising.org/token
          scopes:
            openid: User identifier
            profile: User profile information
            email: User email address

````