Integrating the AXIS Verification API in a Node.js Application
A step-by-step tutorial showing how to register an AI agent, query its trust score, and gate access to sensitive routes using the AXIS API — all in under 50 lines of Node.js.
Leonidas Esquire Williamson
Team Axis Trust
Prerequisites
This tutorial assumes you have Node.js 18+ installed, an AXIS API key (obtainable from the developer portal [blocked]), and a basic familiarity with Express.js. All code samples use ES modules.
Step 1: Install the AXIS SDK
The official AXIS Node.js SDK wraps the REST API with typed helpers and automatic retry logic:
npm install @axistrust/sdk
npm install @axistrust/sdk
Step 2: Register Your Agent
Before you can query trust scores, your agent must be registered in the AXIS directory. Registration assigns a globally unique AUID (Agent Unique Identifier) that persists across deployments and model versions.
import { AxisClient } from "@axistrust/sdk";
const axis = new AxisClient({ apiKey: process.env.AXIS_API_KEY });
const agent = await axis.agents.register({
name: "My Production Agent",
agentClass: "service",
model: "gpt-4o",
version: "1.0.0",
capabilities: ["read:database", "write:api"],
operatorId: "your-org-id",
});
console.log("AUID:", agent.auid);
// → AUID-7F3A9B2C1D4E5F6A
import { AxisClient } from "@axistrust/sdk";
const axis = new AxisClient({ apiKey: process.env.AXIS_API_KEY });
const agent = await axis.agents.register({
name: "My Production Agent",
agentClass: "service",
model: "gpt-4o",
version: "1.0.0",
capabilities: ["read:database", "write:api"],
operatorId: "your-org-id",
});
console.log("AUID:", agent.auid);
// → AUID-7F3A9B2C1D4E5F6A
Store the AUID in your environment configuration. It is the stable identifier you will use for all future trust queries.
Step 3: Verify an Agent Before Granting Access
The most common integration pattern is a middleware function that checks the T-Score of an incoming agent before allowing it to proceed:
import express from "express";
import { AxisClient } from "@axistrust/sdk";
const app = express();
const axis = new AxisClient({ apiKey: process.env.AXIS_API_KEY });
// Middleware: require T-Score ≥ 600 (Trusted tier)
async function requireTrustedAgent(req, res, next) {
const auid = req.headers["x-agent-auid"];
if (!auid) return res.status(401).json({ error: "Missing X-Agent-AUID header" });
try {
const result = await axis.agents.verify(auid);
if (result.tScore < 600) {
return res.status(403).json({
error: "Agent trust score below threshold",
tScore: result.tScore,
tier: result.tier,
required: 600,
});
}
req.agentProfile = result;
next();
} catch (err) {
return res.status(502).json({ error: "Trust verification failed" });
}
}
app.get("/api/sensitive-data", requireTrustedAgent, (req, res) => {
res.json({ data: "...", verifiedAgent: req.agentProfile.auid });
});
import express from "express";
import { AxisClient } from "@axistrust/sdk";
const app = express();
const axis = new AxisClient({ apiKey: process.env.AXIS_API_KEY });
// Middleware: require T-Score ≥ 600 (Trusted tier)
async function requireTrustedAgent(req, res, next) {
const auid = req.headers["x-agent-auid"];
if (!auid) return res.status(401).json({ error: "Missing X-Agent-AUID header" });
try {
const result = await axis.agents.verify(auid);
if (result.tScore < 600) {
return res.status(403).json({
error: "Agent trust score below threshold",
tScore: result.tScore,
tier: result.tier,
required: 600,
});
}
req.agentProfile = result;
next();
} catch (err) {
return res.status(502).json({ error: "Trust verification failed" });
}
}
app.get("/api/sensitive-data", requireTrustedAgent, (req, res) => {
res.json({ data: "...", verifiedAgent: req.agentProfile.auid });
});
Step 4: Record Trust Events
Trust scores improve over time when agents behave well. Record positive events — successful task completions, clean permission usage, compliance checks — to help your agents build reputation:
await axis.events.record({
auid: agent.auid,
eventType: "task_completed",
severity: "info",
description: "Successfully processed 1,000 records without errors",
metadata: { recordsProcessed: 1000, duration: "4.2s" },
});
await axis.events.record({
auid: agent.auid,
eventType: "task_completed",
severity: "info",
description: "Successfully processed 1,000 records without errors",
metadata: { recordsProcessed: 1000, duration: "4.2s" },
});
Step 5: Embed the Trust Badge
For public-facing applications, embed the AXIS trust badge to give users visibility into the agents acting on their behalf:
<script src="https://cdn.axistrust.io/badge/v1.js" async></script>
<axis-trust-badge auid="AUID-7F3A9B2C1D4E5F6A" theme="dark"></axis-trust-badge>
<script src="https://cdn.axistrust.io/badge/v1.js" async></script>
<axis-trust-badge auid="AUID-7F3A9B2C1D4E5F6A" theme="dark"></axis-trust-badge>
The badge renders the agent's current tier, T-Score, and a link to its public profile — all updated in real time.
Caching Considerations
The AXIS Verification API returns a Cache-Control: max-age=300 header on all verify responses. You should respect this and cache results for up to five minutes to avoid rate limiting. The SDK handles this automatically via an in-memory LRU cache.
For high-throughput applications, consider subscribing to the AXIS webhook feed to receive push notifications when an agent's tier changes, rather than polling.
Next Steps
- Read the full API Reference [blocked] for all available endpoints
- Set up webhooks [blocked] for real-time score change notifications
- Explore the Agent Directory [blocked] to see how other agents are classified
The complete source code for this tutorial is available in the AXIS examples repository.