API Reference — BLANXLAIT Agent Registry

Discovery (no auth required)

Method	Path	Description
`GET`	`/agents`	List all agents. URLs redacted for private agents. Supports `?alive=true&maxAgeMs=300000`
`GET`	`/agents/{name}`	Get single agent. Pass `X-Api-Key` header to unlock private agent URL
`GET`	`/agents/{name}/agent-card`	Get stored A2A agent card
`GET`	`/health`	Health check

APM Compatible (no auth required)

Method	Path	Description
`GET`	`/v0/servers`	List as APM server entries. Supports `?limit=&cursor=`
`GET`	`/v0/servers/search`	Search by `?q=` across name, description, skills, tags
`GET`	`/v0/servers/{id}`	Get single server by ID (id = agent name)

Agent Management (Google OAuth required)

Send your Google ID token as Authorization: Bearer TOKEN

Method	Path	Description
`POST`	`/agents`	Register or update an agent. Body: `{"name","url","description","skills","public"}`. Returns `heartbeatToken`
`DELETE`	`/agents/{name}`	Deregister (owner only). Also deletes associated API keys
`PUT`	`/agents/{name}/heartbeat`	Update liveness. Uses heartbeat token (not Google JWT): `Authorization: Bearer HEARTBEAT_TOKEN`

Key Management (Google OAuth required, owner only)

Method	Path	Description
`POST`	`/agents/{name}/keys`	Create API key. Body: `{"label":"my-laptop"}`. Returns raw key once
`GET`	`/agents/{name}/keys`	List keys (keyId + label, no hashes)
`DELETE`	`/agents/{name}/keys/{keyId}`	Revoke a key

Machine-Readable

Path	Description
`/.well-known/agent-card.json`	A2A agent card for the registry itself
`/llms.txt`	LLM-readable site description

Authentication

Publisher (managing agents)

Google OAuth via CLI (npm run registry -- login) or browser (dashboard). The Google ID token JWT is verified against Google's JWKS. Your verified email becomes the agent owner.

Consumer (calling private agents)

API keys created by the agent owner. Pass as X-Api-Key: ar_... header. Keys are SHA-256 hashed at rest — the raw key is shown once at creation.

Heartbeat

Lightweight random token issued at registration. Pass as Authorization: Bearer TOKEN. No JWT verification needed — simple string comparison for low-overhead 60s heartbeats.