THESEUS_RPC_URL to read from a Theseus node.Verify · Proof of Agenthood
Verify a credential.
Paste the credential token issued by theseus.network/poa. Or, to look up an agent by address, start at /poa.
+ What is a credential token?− What is a credential token?
A credential token is a long string with three parts joined by dots. The first two are public data (who, what, when); the third is a cryptographic signature only we can produce. We check that signature with our public key (standard JWS / JWKS if you're wondering).
02 · Verify elsewhere
The credential is a compact JWS signed with our Ed25519 key. The public JWK is at /poa/.well-known/jwks.json. Any JOSE-compatible library will verify it.
For programmatic gating, match against claims.agent.capabilities.intentTypes (the signed array of raw strings). The bundles field returned by /poa/api/verify is a derived display helper that can change without revoking credentials, so don't treat it as a contract.
Verifying from your agent: if you're writing a Theseus agent in SHIP, call PoA through a verification tool. If you're using VIC-HTN to compile intents, register PoA as a Logical Guardian invariant. Both paths hit the same POST /poa/api/verify endpoint as the cURL and library recipes.
# Use the PoA verify endpoint directly. Easiest path.
curl -sS https://theseus.network/poa/api/verify \
-H 'content-type: application/json' \
-d '{"jws":"eyJhbGciOi..."}'
# Or fetch the public JWKS and verify offline with any JOSE tool:
curl -sS https://theseus.network/poa/.well-known/jwks.jsonThe point of a verified credential is that someone else uses it. A protocol fronting your agent on its own page can embed a small “verified” badge that links back to /poa/<agentId>. We don't ship a hosted widget yet. Render whatever you like from the signed claims.