@adcp/sdk API Reference - v7.9.0
    Preparing search index...

    Interface AgentRequestSigningConfigInline

    In-process signing identity. The SDK loads the private JWK at request time and signs synchronously — appropriate for development, testing, and deployments where holding the private scalar in process memory is acceptable.

    kind defaults to 'inline' so existing literals without the field continue to type-check.

    interface AgentRequestSigningConfigInline {
        always_sign?: string[];
        sign_supported?: boolean;
        jwks_uri?: string;
        kind?: "inline";
        kid: string;
        alg: "ed25519" | "ecdsa-p256-sha256";
        private_key: AdcpPrivateJsonWebKey;
        agent_url: string;
    }

    Hierarchy (View Summary)

    Index

    Properties

    always_sign? sign_supported? jwks_uri? kind? kid alg private_key agent_url

    Properties

    always_sign?: string[]

    AdCP operation names to sign regardless of the seller's advertisement. Useful during pilots before a counterparty flips an op into required_for.

    sign_supported?: boolean

    When true, also sign operations the seller lists in supported_for (but not required_for). Defaults to false — conservative "sign what the seller asks for" behavior.

    jwks_uri?: string

    Informational mirror of the JWKS endpoint where this agent publishes its verification keys. Verifiers do not read this field — they walk brand.json from agent_url to discover the authoritative jwks_uri. The field is carried on the buyer-side config so audit logs, custom verifier wiring, and split-domain setups have a single self-describing source of truth that matches what brand.json publishes.

    Common case: split-domain setups where the JWKS lives off the conventional ${agent_url}/.well-known/jwks.json path (identity domain separate from the agent endpoint). Make sure brand.json's jwks_uri agrees with whatever you set here — brand.json is authoritative; this field documents intent.

    kind?: "inline"

    Discriminator. Defaults to 'inline' so legacy literals work unchanged.

    kid: string

    Key identifier (published by the buyer at its JWKS endpoint)

    alg: "ed25519" | "ecdsa-p256-sha256"

    Signature algorithm. Must match the key material.

    private_key: AdcpPrivateJsonWebKey

    Private signing key as a JWK. Must include d (the private scalar); other fields mirror the public JWK the buyer publishes for verification.

    agent_url: string

    Agent's base URL (e.g., https://buyer.example.com). Consistent with every other agent_url field across AdCP — formats, creatives, signals, brand. Sellers derive the JWKS endpoint via the conventional well-known suffix ({agent_url}/.well-known/adcp-jwks.json); a handful of deploys override the path via seller-side resolver configuration.

    The client does not read this field — the signer only needs the local private key — but it's carried here so the field sits next to kid / alg / private_key and is available to downstream audit logging or custom verifier wiring.

    Settings

    Member Visibility

    On This Page

    Properties