Introduction to Agent OTP
Agent OTP is a lightweight service that provides one-time, scoped permissions for AI agents. It enables human-in-the-loop approval workflows for sensitive operations while allowing safe operations to be auto-approved.
Why Agent OTP?
As AI agents become more autonomous and capable, they need access to sensitive resources like email, databases, financial systems, and more. Traditional authentication methods (API keys, OAuth tokens) grant broad, persistent access that doesn't match the ephemeral, scoped nature of agent operations.
Agent OTP solves this by providing:
- Scoped permissions - Define exactly what an agent can do with each request
- Ephemeral tokens - Tokens expire after use or timeout, eliminating persistent credential risks
- Human-in-the-loop - Configure policies to require human approval for sensitive operations
- Full audit trail - Every request, approval, and usage is logged for compliance
How it works
- Request - Agent requests permission for a specific action
- Evaluate - Policy engine determines if approval is needed
- Approve - Auto-approve or send to human for review
- Execute - Agent uses one-time token to perform action
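The four steps above, modelled in memory as an added example (not the Agent OTP SDK or the project's own code). The function names, the sample policy rules, and the fallback to human review for unmatched requests are assumptions made for illustration.

```javascript
// Added illustration of request -> evaluate -> approve -> execute.
// POLICIES, evaluate, issueToken and redeem are hypothetical names, not the Agent OTP API.
const { randomBytes } = require('node:crypto');

// Constructed sample policy: the first matching rule wins.
const POLICIES = [
  { action: 'calendar.read', resource: /^calendar:/, decision: 'auto' },
  { action: 'gmail.send', resource: /^email:.+@example\.com$/, decision: 'human' },
];

// Evaluate: a request that no rule matches goes to a human (assumed fail-safe default).
function evaluate(req) {
  const rule = POLICIES.find(r => r.action === req.action && r.resource.test(req.resource));
  return rule ? rule.decision : 'human';
}

const tokens = new Map(); // token -> { action, resource, expiresAt }

// Approve: bind the token to one action on one resource, with a short lifetime.
function issueToken(req, ttlMs, now = Date.now()) {
  const token = randomBytes(32).toString('hex');
  tokens.set(token, { action: req.action, resource: req.resource, expiresAt: now + ttlMs });
  return token;
}

// Execute: the token is removed on first presentation, before expiry and scope are checked.
function redeem(token, action, resource, now = Date.now()) {
  const grant = tokens.get(token);
  if (!grant) return 'rejected: unknown or already used';
  tokens.delete(token); // single use, even when a check below fails
  if (now > grant.expiresAt) return 'rejected: expired';
  if (grant.action !== action || grant.resource !== resource) return 'rejected: out of scope';
  return 'ok';
}

// Demo: policy decision, first use, then a replay of the same token.
function demo() {
  const req = { action: 'gmail.send', resource: 'email:client@example.com' };
  const token = issueToken(req, 60000);
  return [evaluate(req), redeem(token, req.action, req.resource), redeem(token, req.action, req.resource)];
}
console.log(demo());
```

Deleting the token before the scope and expiry checks means a token presented for the wrong resource is burned rather than left available for another attempt.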
Quick example

    import { AgentOTPClient } from '@orrisai/agent-otp-sdk';

    const otp = new AgentOTPClient({
      apiKey: process.env.AGENT_OTP_KEY,
    });

    // Request permission to send an email
    const permission = await otp.requestPermission({
      action: 'gmail.send',
      resource: 'email:client@example.com',
      scope: {
        max_emails: 1,
      },
      context: {
        reason: 'Sending invoice to client',
      },
      waitForApproval: true,
    });

    if (permission.status === 'approved') {
      // Token is scoped to exactly this operation
      // (sendEmail is the application's own mail helper, not part of the SDK)
      await sendEmail({
        to: 'client@example.com',
        otpToken: permission.token,
      });
    }

Key features
- Policy Engine - Define rules to auto-approve safe operations and require human review for risky ones.
- Multi-channel Notifications - Get approval requests via Telegram, email, webhooks, or the web dashboard.
- Framework Agnostic - Works with LangChain, CrewAI, AutoGen, or any custom agent framework.
- Audit & Compliance - Full audit trail of all permissions, approvals, and usage for compliance needs.