# Open Money · Agent Authentication

Open exposes a programmatic surface for AI agents acting on behalf of finance teams. Agents authenticate via OAuth 2.0 (with an OpenID Connect issuer at `https://app.open.money`). This file is the agent-side onboarding pointer.

## Authorisation server

- **Issuer:** `https://app.open.money`
- **Discovery document:** `https://open.money/.well-known/oauth-authorization-server`
- **Protected-resource metadata:** `https://open.money/.well-known/oauth-protected-resource`
- **JWKS:** `https://app.open.money/.well-known/jwks.json`

## Endpoints

| Purpose                  | URL                                                  |
|--------------------------|------------------------------------------------------|
| Authorize                | `https://app.open.money/oauth/authorize`             |
| Token                    | `https://app.open.money/oauth/token`                 |
| Revoke                   | `https://app.open.money/oauth/revoke`                |
| Introspect               | `https://app.open.money/oauth/introspect`            |
| Dynamic client register  | `https://app.open.money/oauth/register`              |
| **Agent register**       | `https://app.open.money/oauth/agent-register`        |
| **Agent claims**         | `https://app.open.money/oauth/agent-claims`          |
| **Agent revoke**         | `https://app.open.money/oauth/agent-revoke`          |

## Supported grants

- `authorization_code` (PKCE S256 required)
- `refresh_token`
- `client_credentials` (for back-end service agents)
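
Because `authorization_code` is accepted only with PKCE S256, the exchange hinges on deriving the `code_challenge` from a `code_verifier` correctly on both sides. The following is an added example (not code from this page or from Open) built on the `authorize` and `token` endpoints listed above; `client_id`, `redirect_uri` and `state` values are placeholders the caller supplies, and the server-side check shows what an S256-only authorisation server verifies at the token endpoint.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

# Endpoints as listed on this page.
AUTHORIZE_URL = "https://app.open.money/oauth/authorize"
TOKEN_URL = "https://app.open.money/oauth/token"


def b64url(raw: bytes) -> str:
    """Base64url without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def new_code_verifier() -> str:
    """32 random bytes encode to 43 chars, the RFC 7636 minimum length."""
    return b64url(secrets.token_bytes(32))

def code_challenge_s256(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())

def build_authorize_url(client_id: str, redirect_uri: str, scopes: list,
                        verifier: str, state: str) -> str:
    """Step 1: send only the challenge; the verifier never leaves the client."""
    params = {
        "response_type": "code",
        "client_id": client_id,            # placeholder, assigned at registration
        "redirect_uri": redirect_uri,      # placeholder, must match registration
        "scope": " ".join(scopes),
        "state": state,                    # CSRF binding for the callback
        "code_challenge": code_challenge_s256(verifier),
        "code_challenge_method": "S256",
    }
    return AUTHORIZE_URL + "?" + urlencode(params)

def build_token_request(client_id: str, redirect_uri: str, code: str,
                        verifier: str) -> dict:
    """Step 2: form body POSTed to TOKEN_URL; the verifier proves the same client."""
    return {"grant_type": "authorization_code", "client_id": client_id,
            "redirect_uri": redirect_uri, "code": code, "code_verifier": verifier}

def server_side_pkce_check(stored_challenge: str, stored_method: str,
                           presented_verifier: str) -> bool:
    """What an S256-only authorisation server checks before issuing tokens."""
    if stored_method != "S256" or not 43 <= len(presented_verifier) <= 128:
        return False  # 'plain' or a missing challenge is rejected outright
    return secrets.compare_digest(stored_challenge,
                                 code_challenge_s256(presented_verifier))
```

The verifier/challenge pair in the test is the RFC 7636 Appendix B vector, so the derivation can be checked against the spec without a live server.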

## Supported scopes

| Scope               | Use                                                                     |
|---------------------|-------------------------------------------------------------------------|
| `openid`            | OpenID Connect identity                                                 |
| `profile` / `email` | Standard claims                                                         |
| `accounts.read`     | Read balances and account metadata across all linked banks              |
| `transactions.read` | Read Smart Statement transactions and tagging                           |
| `payments.write`    | **Draft** payments; execution still requires human maker-checker        |
| `agents.act`        | Execute autonomous skills inside pre-approved policy envelopes only     |

## Identity and credential types

- **Identity types:** `service_account` (back-end agent), `delegated_user` (acting on behalf of a logged-in finance user)
- **Credential types:** `client_assertion_jwt` (RFC 7521/7523), signed with RS256 or ES256 against keys published in the agent's JWKS

## Supervision model — non-negotiable

Open is supervised AI by contract.

- **Reads** (`read.*`, `accounts.read`, `transactions.read`) — execute on agent authority within the granted scope.
- **Drafts** (`draft.*`, `payments.write`) — agents prepare; a human maker-checker approves before money moves.
- **Acts** (`act.*`, `agents.act`) — execute autonomously only inside pre-approved policy envelopes (e.g. sweep idle balance > ₹50L into FD ladder). Out-of-policy actions fall back to drafting.

Every agent action — read, draft or act — is recorded against the underlying transaction in Smart Statement and surfaces in maker-checker queues with full lineage.

## MCP

Open also exposes its skills as an MCP server. Card: `https://open.money/.well-known/mcp/server-card.json`. Transport: `https://app.open.money/mcp` (streamable HTTP). Use the OAuth flow above to obtain a token with `agents.act` scope.

## Skills index

`https://open.money/.well-known/agent-skills/index.json` lists every skill exposed today.

## Get in touch

Building something interesting? Email `letstalk@bankopen.co` or open a ticket at `https://help.open.money/support/tickets/new`.
