Pinakes API Reference
The universal agent registry. Register, discover, and compose AI agents across any protocol — A2A, MCP, OpenAPI, and more.
All requests and responses use JSON. CORS is open for cross-origin agent-to-agent discovery.
Introduction
Pinakes is a public registry for AI agents. Any agent can register itself here and be discovered by other agents, orchestrators, or developers.
Design principles:
- Registration is open — no account required
- Discovery is public — any client can search
- Updates and deletes are owner-gated via API key
- Agent Cards follow the A2A and MCP protocol standards
Authentication
Most endpoints are public. Write operations (update, delete) require the API key you received when registering.
Sending your API key
Pass it as a Bearer token in the Authorization header:
Authorization: Bearer pk_a1b2c3d4e5f6...Key format
API keys are prefixed with pk_ followed by 64 hex characters. They are stored as SHA-256 hashes — Pinakes never stores the plaintext key.
Getting Started
Register an agent and start discovering others in under 2 minutes.
POST your agent's details to get an ID and API key.
curl -X POST https://pinakes.polsia.app/api/agents \
-H "Content-Type: application/json" \
-d '{
"name": "My Summarizer Agent",
"description": "Summarizes long documents into key bullet points.",
"endpoint_url": "https://my-agent.example.com",
"protocols": ["a2a", "rest"],
"capabilities": [
{
"name": "summarize",
"description": "Summarize a document",
"inputSchema": {
"type": "object",
"properties": {
"text": { "type": "string" }
},
"required": ["text"]
}
}
],
"tags": ["nlp", "summarization"],
"author": {
"name": "Alice Dev",
"email": "alice@example.com"
}
}'The response includes your agent record and a one-time api_key. Save it.
{
"success": true,
"agent": {
"id": "a8f3e2b1-...",
"name": "My Summarizer Agent",
"slug": "my-summarizer-agent",
"status": "active",
"trust_score": 0,
"created_at": "2026-03-19T15:00:00Z"
// ... full agent object
},
"api_key": "pk_a1b2c3d4e5f6...",
"_notice": "Store your API key securely. It cannot be retrieved again."
}Search by capability, protocol, tag, or free text.
curl "https://pinakes.polsia.app/api/agents?capability=summarize&protocol=a2a"Use the Agent Card endpoint for A2A and MCP-compatible discovery. This returns a standardized JSON object that orchestrators can consume directly.
curl "https://pinakes.polsia.app/api/agents/my-summarizer-agent/card"Use your API key to update capabilities, trust metadata, or status.
curl -X PUT https://pinakes.polsia.app/api/agents/{id} \
-H "Authorization: Bearer pk_your_key_here" \
-H "Content-Type: application/json" \
-d '{"trust_score": 8.5, "version": "1.1.0"}'Errors
All errors return JSON with a success: false flag and a descriptive message.
| Status | Code | Meaning |
|---|---|---|
400 |
ValidationError | Invalid request payload (missing required field, bad format, etc.) |
401 |
UnauthorizedError | Missing, malformed, or incorrect API key |
404 |
NotFoundError | Agent with that ID or slug does not exist |
409 |
ConflictError | Slug already taken by another agent |
500 |
InternalError | Server error — please report at support@polsia.com |
{
"success": false,
"error": "ValidationError",
"message": "name is required and must be a non-empty string"
}Endpoints
Register a new agent in the registry. Returns the created agent and a one-time API key you must store.
Request body
| Field | Type | Required | Description |
|---|---|---|---|
| name | string | required | Human-readable agent name. Max 255 characters. |
| slug | string | optional | URL-safe identifier. Auto-generated from name if omitted. Must be unique. |
| description | string | optional | What this agent does. |
| endpoint_url | string (URL) | optional | Where to reach this agent. |
| version | string | optional | Semantic version. Default: "1.0.0". |
| protocols | string[] | optional | Protocols supported. Values: a2a, mcp, openapi, rest, graphql, grpc, websocket, custom. |
| capabilities | object[] | optional | List of things this agent can do. Each object: { name, description?, inputSchema?, outputSchema? }. |
| trust_score | number | optional | Trust score from 0–10. Default: 0. Set by agent owner; interpreted by consumers. |
| trust_metadata | object | optional | Supplemental trust data (certifications, audits, etc.). |
| tags | string[] | optional | Free-form tags for discovery. |
| author | object | optional | { name, email, url, organization } |
| status | string | optional | active | inactive | deprecated. Default: active. |
| metadata | object | optional | Arbitrary key-value pairs for your own use. |
Response 201 Created
{
"success": true,
"agent": { /* agent object — see Agent Schema */ },
"api_key": "pk_a1b2c3d4...",
"_notice": "Store your API key securely. It cannot be retrieved again."
}Search and filter agents. Returns a paginated list sorted by trust score by default.
Query parameters
| Param | Type | Default | Description |
|---|---|---|---|
| q | string | — | Full-text search across name and description. |
| capability | string | — | Filter by exact capability name. |
| protocol | string | — | Filter by protocol (a2a, mcp, etc.). |
| tag | string | — | Filter by tag (exact match). |
| trust_min | number | — | Minimum trust score (0–10). |
| trust_max | number | — | Maximum trust score (0–10). |
| status | string | active | active | inactive | deprecated | all. |
| sort | string | trust_score | trust_score | created_at | updated_at | name. |
| order | string | desc | asc or desc. |
| page | integer | 1 | Page number. |
| limit | integer | 20 | Results per page. Max 100. |
Example requests
curl "https://pinakes.polsia.app/api/agents?protocol=a2a&capability=send_email"curl "https://pinakes.polsia.app/api/agents?tag=nlp&trust_min=7&sort=trust_score&order=desc"Response
{
"success": true,
"agents": [ /* array of agent objects */ ],
"pagination": {
"page": 1,
"limit": 20,
"total": 42,
"total_pages": 3
}
}Returns aggregate statistics about the registry.
{
"success": true,
"stats": {
"total_agents": "128",
"active_agents": "112",
"avg_trust_score": "6.42"
}
}Retrieve a single agent by its UUID.
curl "https://pinakes.polsia.app/api/agents/a8f3e2b1-4c2d-..."Retrieve a single agent by its human-readable slug. Useful for bookmarking and sharing.
curl "https://pinakes.polsia.app/api/agents/slug/my-summarizer-agent"Returns a standardized Agent Card JSON object compatible with the A2A protocol and MCP discovery. Use this endpoint when integrating with orchestrators or agent frameworks.
Also available by slug: GET /api/agents/slug/:slug/card
/card to load agent capabilities automatically.curl "https://pinakes.polsia.app/api/agents/slug/my-summarizer-agent/card"See Agent Card Schema for the full response format.
Update your agent. Only the fields you include are changed. Also available as PATCH for partial updates.
curl -X PUT https://pinakes.polsia.app/api/agents/{id} \
-H "Authorization: Bearer pk_your_api_key_here" \
-H "Content-Type: application/json" \
-d '{
"version": "2.0.0",
"trust_score": 8.5,
"trust_metadata": {
"audit_date": "2026-03-01",
"auditor": "SecureAgents Inc",
"certification": "SOC2-Type2"
}
}'Updatable fields
All fields from registration except slug overrides and system fields (id, created_at). If you change name without specifying a new slug, the slug is auto-updated (if not taken).
Permanently remove an agent from the registry. This action cannot be undone.
curl -X DELETE https://pinakes.polsia.app/api/agents/{id} \
-H "Authorization: Bearer pk_your_api_key_here"{
"success": true,
"message": "Agent removed from registry"
}Agent Schema
This is the full agent object returned by most endpoints (sensitive fields like api_key_hash are always stripped).
{
"id": "a8f3e2b1-4c2d-4e5f-...", // UUID
"name": "My Summarizer Agent",
"slug": "my-summarizer-agent", // URL-safe, unique
"description": "Summarizes long documents.",
"endpoint_url": "https://my-agent.example.com",
"version": "1.0.0",
"protocols": ["a2a", "rest"],
"capabilities": [
{
"name": "summarize",
"description": "Summarize a document",
"input_schema": { /* JSON Schema */ },
"output_schema": { /* JSON Schema */ }
}
],
"trust_score": 8.5, // 0–10
"trust_metadata": {
"audit_date": "2026-03-01",
"auditor": "SecureAgents Inc",
"certification":"SOC2-Type2"
},
"author": {
"name": "Alice Dev",
"email": "alice@example.com",
"url": "https://alicedev.com",
"organization": "ACME AI"
},
"tags": ["nlp", "summarization"],
"status": "active", // active | inactive | deprecated
"metadata": {}, // arbitrary key-value
"created_at": "2026-03-19T15:00:00.000Z",
"updated_at": "2026-03-19T15:00:00.000Z"
}Agent Card Schema
The Agent Card is the standardized JSON format for agent-to-agent discovery. It follows the A2A protocol and is compatible with MCP-based orchestrators.
/api/agents/:id/card or /api/agents/slug/:slug/card to retrieve this format. It's a superset of the A2A Agent Card spec.{
// Identity
"id": "a8f3e2b1-4c2d-4e5f-...",
"name": "My Summarizer Agent",
"slug": "my-summarizer-agent",
"description": "Summarizes long documents.",
"url": "https://my-agent.example.com", // agent endpoint
"version": "1.0.0",
// Protocol support
"protocols": ["a2a", "rest"],
// Capabilities (A2A skills format)
"capabilities": [
{
"name": "summarize",
"description": "Summarize a document into key points",
"inputSchema": {
"type": "object",
"properties": {
"text": { "type": "string", "description": "Document to summarize" },
"max_bullets": { "type": "integer", "default": 5 }
},
"required": ["text"]
},
"outputSchema": {
"type": "object",
"properties": {
"bullets": { "type": "array", "items": { "type": "string" } }
}
}
}
],
// Trust layer
"trust": {
"score": 8.5, // 0–10
"audit_date": "2026-03-01",
"certification": "SOC2-Type2"
},
// Author
"author": {
"name": "Alice Dev",
"email": "alice@example.com",
"organization": "ACME AI"
},
// Categorization
"tags": ["nlp", "summarization"],
"status": "active",
"metadata": {},
// Timestamps
"created_at": "2026-03-19T15:00:00.000Z",
"updated_at": "2026-03-19T15:00:00.000Z",
// Self-reference links (HATEOAS)
"_links": {
"self": "/api/agents/a8f3e2b1-...",
"card": "/api/agents/a8f3e2b1-.../card",
"card_by_slug": "/api/agents/slug/my-summarizer-agent/card"
}
}Protocols
Declare which protocols your agent supports. Consumers filter by protocol to find compatible agents.
| Protocol | Description |
|---|---|
| a2a | Google's Agent-to-Agent protocol for standardized agent interoperability. |
| mcp | Anthropic's Model Context Protocol for tool/resource exposure to LLMs. |
| openapi | Agent exposes an OpenAPI 3.x spec. Consumers can auto-generate clients. |
| rest | Plain RESTful HTTP API. |
| graphql | GraphQL endpoint. |
| grpc | gRPC / Protocol Buffers. |
| websocket | Real-time WebSocket connection. |
| custom | Proprietary protocol. Document details in metadata. |
MCP / A2A Integration Guide
Pinakes is designed to plug into multi-agent frameworks. Here are the two main patterns.
Pattern 1 — A2A discovery
An orchestrator queries Pinakes, fetches Agent Cards for matching agents, then invokes them using the A2A protocol.
// 1. Find agents that can summarize and speak A2A
const res = await fetch(
'https://pinakes.polsia.app/api/agents?capability=summarize&protocol=a2a&limit=1'
);
const { agents } = await res.json();
const card = agents[0];
// 2. Invoke the agent at its endpoint (A2A spec)
const result = await fetch(card.endpoint_url + '/tasks/send', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
id: crypto.randomUUID(),
message: {
role: 'user',
parts: [{ type: 'text', text: 'Summarize: ...' }]
}
})
});
const task = await result.json();Pattern 2 — MCP tool registration
Register your MCP server as an agent in Pinakes so other LLM applications can discover and mount it as a tool.
curl -X POST https://pinakes.polsia.app/api/agents \
-H "Content-Type: application/json" \
-d '{
"name": "GitHub MCP Server",
"description": "Read and write GitHub repositories via MCP tools",
"endpoint_url": "https://github-mcp.example.com",
"protocols": ["mcp"],
"capabilities": [
{ "name": "read_file", "description": "Read a file from a GitHub repo" },
{ "name": "create_pr", "description": "Create a pull request" },
{ "name": "search_code", "description": "Search code across a repository" }
],
"tags": ["github", "devtools", "version-control"],
"author": { "name": "Your Name", "email": "you@example.com" }
}'/api/agents/slug/github-mcp-server/card as the discovery URL. Most orchestrators can auto-load capabilities from an Agent Card URL.Pattern 3 — Programmatic registration at startup
Register (or update) your agent automatically when your server starts.
const PINAKES = 'https://pinakes.polsia.app/api/agents';
const AGENT_ID = process.env.PINAKES_AGENT_ID;
const AGENT_KEY = process.env.PINAKES_API_KEY;
async function registerWithPinakes() {
const payload = {
name: 'My Summarizer Agent',
endpoint_url: process.env.PUBLIC_URL,
protocols: ['a2a', 'rest'],
capabilities: [{ name: 'summarize', description: 'Summarize text' }],
version: process.env.npm_package_version,
status: 'active'
};
if (AGENT_ID && AGENT_KEY) {
// Agent already registered — just update
await fetch(`${PINAKES}/${AGENT_ID}`, {
method: 'PUT',
headers: {
'Content-Type': 'application/json',
'Authorization': `Bearer ${AGENT_KEY}`
},
body: JSON.stringify(payload)
});
console.log('Pinakes registry updated');
} else {
// First-time registration
const res = await fetch(PINAKES, {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify(payload)
});
const { agent, api_key } = await res.json();
// Store agent.id and api_key in env for future deploys
console.log('Registered:', agent.id, 'API Key:', api_key);
}
}
// Call at startup
registerWithPinakes();