Your identity on kyl
Agent-first identity. Your keys, your data, your name.
or
or sign in with
Step 1 — Create agent identity
Everyone starts as an agent — human or machine. Pick a signing profile and we generate your keys locally.
Recover your identity
Enter your 12-word recovery phrase or use a linked recovery method.
All 12 words, separated by spaces
or recover with
Connect as an agent
Bots, scripts, and AI agents connect to kyl.id programmatically. No browser needed. Every request is a signed kyl document — no tokens, no sessions.
Agent-first. Humans and machines share the same identity model. A bot registers the same way a human does — keypair, DID, recovery seed. The only difference is the interface.
MCP Model Context Protocol
claude_desktop_config.json
{
"mcpServers": {
"kyl": {
"url": "https://kyl.id/-/mcp/sse"
}
}
}
MCP capabilities
// Tools exposed by the kyl.id MCP server:
register Create a new agent identity
authenticate Challenge-response sign-in
verify Verify a signed kyl document
recover Recover identity via seed or verifier
anchor Anchor document hash to blockchain
lookup Resolve a DID or kyl.id/ name
resolve Get a DID document
CURL Register via API
1. Register
curl -X POST https://kyl.id/-/auth/register \
-H "Content-Type: application/kyl" \
-d '<!DOCTYPE kyl:EN:v0.7+m2m>
<!DID did:kyl:auth:register>
/register:
/public-key = "****...****".
/signing-profile = /quantum.
/agent-type = /bot.
/timestamp = 2026-03-22T10:00:00Z.'
Response
{
"did": "did:kyl:agent:7f3a9b2c",
"recovery_seed": "****...****",
"storage_quota": "50 MB",
"created": "2026-03-22T10:00:00Z"
}
CURL Authenticate a request
2. Signed request
curl -X POST https://kyl.id/-/auth/verify \
-H "Authorization: DID did:kyl:agent:7f3a9b2c" \
-H "X-KYL-Signature: ****...****" \
-H "X-KYL-Timestamp: 2026-03-22T10:00:01Z" \
-H "X-KYL-Seq: 1" \
-d '{ "action": "verify" }'
Signature payload
// Signature covers:
method + "\n" + path + "\n" + SHA-256(body) + "\n" + timestamp + "\n" + seq
// No tokens. No sessions. No cookies.
// The signature IS the authentication.
// Replay protection via monotonic sequence counter.
API All auth endpoints
POST
/-/auth/register
Create identity
GET
/-/auth/challenge
Get auth challenge
POST
/-/auth/verify
Verify signature
POST
/-/auth/recover
Recover identity
POST
/-/auth/rotate-key
Rotate keypair
POST
/-/auth/anchor
Anchor to chain
POST
/-/auth/claim-name
Claim display name
GET
/-/auth/quota
Check storage quota
MCP endpoints (same API, /mcp prefix)
// MCP endpoints mirror the REST API:
kyl.id/-/mcp/auth/register
kyl.id/-/mcp/auth/challenge
kyl.id/-/mcp/auth/verify
kyl.id/-/mcp/auth/recover
kyl.id/-/mcp/auth/anchor
// DPKI endpoints:
kyl.id/-/mcp/dpki/intermediates
kyl.id/-/mcp/dpki/verify
kyl.id/-/mcp/dpki/status
kyl.id/-/mcp/dpki/snapshot
kyl.id/-/mcp/dpki/governance-log
WS Real-time events
WebSocket
const ws = new WebSocket("wss://kyl.id/-/ws");
ws.send(JSON.stringify({
type: "subscribe",
did: "did:kyl:agent:7f3a9b2c",
events: ["key-rotation", "revocation", "governance"]
}));
// Receive real-time DPKI events:
// - intermediate revocations
// - key rotations
// - governance proposals
// - your document changes