L1 cryptographically verifies that the request came from who the headers claim it did, and that the body wasn’t modified in transit. RFC 9421 HTTP message signatures with replay-window enforcement and key rotation. Symmetric on both sides — agents verify inbound and sign outbound webhooks; callers sign outbound and verify inbound webhooks.Documentation Index
Fetch the complete documentation index at: https://agenticadvertisingorg-changeset-release-main.mintlify.app/llms.txt
Use this file to discover all available pages before exploring further.
What an SDK at L1 must provide
If you’re picking an SDK or porting one to a new language, this is the L1 build target:- RFC 9421 message-signature signing for outbound requests.
- RFC 9421 verification for inbound requests, including replay-window enforcement on
created/expiresandkeyid-based key lookup. - A pluggable signing-provider abstraction — in-process keys for development, KMS / HSM providers for production.
- Test fixtures or a verifier-test harness so adopters can assert their signing wiring is correct without booting a full agent.
Pages in this layer
- Security implementation profile — RFC 9421 wire details, KMS integration, replay-window tuning.
- Webhook verifier tuning — clock-skew handling, key-rotation transitions, signature failure diagnostics.