Interactive Demo — No account required
Explore Constrix
Pick your role and interact with Constrix capabilities directly in your browser. Everything runs client-side — zero cost, zero setup.
Agent Token Flow
RFC 7523 jwt-bearer grant
1
Agent→Constrix AAB
Present AIT assertion
2
Constrix AAB→Scope Engine
Verify + filter scopes
3
Scope Engine→Token Minter
Mint access token
4
Token Minter→Agent
Return OAuth response
5
Agent→Protected API
Call API with token
Code Snippet
import httpx
# 1. Exchange AIT for access token (RFC 7523 jwt-bearer)
token_resp = httpx.post(
"https://auth.constrix.ai/oauth/token",
data={
"grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
"assertion": YOUR_AIT, # signed by seal.key
"scope": "read:policies write:capl",
},
timeout=5,
)
token_resp.raise_for_status()
access_token = token_resp.json()["access_token"]
# 2. Call protected endpoint
resp = httpx.get(
"https://api.constrix.ai/v1/policies",
headers={"Authorization": f"Bearer {access_token}"},
)
print(resp.json())RFC 7523Ed25519 AITTier-aware TTL