Commercial Ratify Platform
The commercial Ratify Platform by Identities AI is the managed layer that sits on top of the free Ratify Protocol and SDKs.
Canonical protocol sources:
Use this guide when you are building an agent platform, a service that accepts delegated proof bundles, or a customer-facing product that needs hosted policy, audit, or enforcement.
What you actually integrate
Section titled “What you actually integrate”You still use the SDKs.
The SDKs do the cryptographic work:
- create human and agent identities
- issue delegation certificates
- generate challenges
- sign proof bundles
- verify proof bundles
The commercial Ratify Platform by Identities AI supplies the hosted control plane around those SDK calls:
- developer registration
- publisher profile and domain verification
- platform registration
- API key and signing-secret management
- team/org policy
- revocation, audit, and approval workflows
- managed surfaces such as API Gateway, Meetings, Voice, and Physical AI
Registration flow
Section titled “Registration flow”- Sign in to the Identities AI app.
- Decide whether you are integrating as a personal account or an organization.
- If you only need API Gateway development, a personal account can register one draft platform.
- If you need publishing, Meetings, Voice, Physical AI, team members, or multiple platforms, create an organization.
- For an organization, verify the publisher domain before publishing platforms.
- Register a platform in the Developer Console.
- Choose the surface type: API Gateway, Meetings, Voice, or Physical AI.
- Copy the API key and signing secret shown at registration.
- Connect your app or gateway with those credentials.
If you are specifically building a voice agent or telephony product, see Voice Surface.
flowchart LR A[Sign in to app.identities.ai] --> B[Choose personal account or organization] B --> C[Register a platform] C --> D[Receive API key + secrets] D --> E[Connect your runtime] E --> F[Verify bundles at API Gateway, Meetings, Voice, or Physical AI] F --> G[Receive callbacks for lifecycle and revocation]Which surface to choose
Section titled “Which surface to choose”| Surface | Who can use it | What it is for |
|---|---|---|
| API Gateway | personal accounts and organizations | MCP, A2A, and REST verification |
| Meetings | organizations | meeting join enforcement and participant policy |
| Voice | organizations | call-signaling verification, live voice consent, and agent speaking authorization |
| Physical AI | enterprises | robots, vehicles, drones, and infrastructure |
API Gateway integration
Section titled “API Gateway integration”For API Gateway, your agent platform or backend verifies proof bundles before executing a protected request.
Typical flow:
- Your app registers a platform in the Developer Console.
- Your gateway receives an
X-Ratify-Proofheader or equivalent transport envelope. - Your gateway uses the Ratify SDK to verify the proof bundle.
- Your gateway maps the request to a required scope such as
execute:tool,data:read, orpayments:send. - If verification passes, the request proceeds.
- If verification fails, reject the request before business logic runs.
Platform connection flow
Section titled “Platform connection flow”When your product connects to a customer organization, use the connection credentials from the Ratify Platform:
X-Ratify-API-Keyto authenticate calls to the Ratify APIX-Ratify-Signatureto verify inbound events and webhooks
Use the SDKs to build the proofs that the platform verifies. Use the platform to manage the customer-facing configuration, policy, and audit trail.
Minimal platform skeleton
Section titled “Minimal platform skeleton”apiKey := os.Getenv("RATIFY_API_KEY")webhookSecret := os.Getenv("RATIFY_WEBHOOK_SECRET")_ = apiKey_ = webhookSecretconst apiKey = process.env.RATIFY_API_KEY;const webhookSecret = process.env.RATIFY_WEBHOOK_SECRET;void apiKey;void webhookSecret;api_key = os.getenv("RATIFY_API_KEY")webhook_secret = os.getenv("RATIFY_WEBHOOK_SECRET")let api_key = std::env::var("RATIFY_API_KEY").ok();let webhook_secret = std::env::var("RATIFY_WEBHOOK_SECRET").ok();let _ = (api_key, webhook_secret);What to build in your app
Section titled “What to build in your app”If you are integrating Ratify into your own agentic product, your app usually has three responsibilities:
- Generate or load identities through the SDK.
- Present proof bundles whenever your agent acts.
- Call Ratify Platform endpoints when you need hosted registration, policy, or enforcement.
That is the clean split:
- protocol and SDKs for cryptography
- commercial platform by Identities AI for operations
For callback behavior and event payloads, see Callbacks and Webhooks.