Identity · Agent Credentials

Identity for every agent.

NU NHI is a non-human identity broker that issues scoped, short-lived credentials to AI agents and automated systems. Every token is policy-bound, audited, and rotatable — so your agentic workflows stay compliant, traceable, and revocable at any time.

Issue a token Read the docs

Scoped

Short-lived

Policy

Bound

Instant

Revocation

identity-broker — nunhi.coLive

→ ISSUE agent=billing-bot scope=invoices:read

policy: least-privilege · ttl=15m

← token tok_9Fa… · expires 15:42

✓ AUDIT issuance logged · signer ok

billing-botinvoices:readACTIVE

deploy-agentci:writeACTIVE

scraper-07web:readROTATED

unknown-svcpolicy deniedREVOKED

NU NHI

<1sRevocation

100%Audited

15mDefault TTL

OpenCore

The flow

Five hops from INVITE to answer.

01 · REGISTER
Register
Define each agent or service account with allowed scopes and TTLs.
02 · POLICY
Policy
Declare access policies in YAML or the UI; least-privilege enforced.
03 · ISSUE
Issue
A scoped, short-lived token is minted and bound to the agent.
04 · USE
Use
The agent accesses only its bound systems via pre-built connectors.
05 · AUDIT
Audit / revoke
Every issuance and use logged; rotate or revoke on demand.

Live · 1,204 active tokens

Governance & audit

See every token, always.

Review the live inventory of non-human identities, rotate credentials on demand, and export a complete audit trail for compliance. Every issuance, use, and revocation is signed and logged.

Live token inventory per agent
On-demand rotation & instant revocation
Exportable, signed audit trail

<1sRevoke time

100%Audited

15mDefault TTL

Capabilities

Full-stack, production-ready.

Scoped tokens

Short-lived, fine-grained scope
Least-privilege by default
Configurable TTLs
Automatic rotation

Policy engine

YAML or UI-declared policies
Least-privilege enforcement
Per-connector boundaries
Conditional & time-bound rules

Agent connectors

Bind agents to systems & APIs
OAuth, SCIM & API-key connectors
Workspace-scoped access
Pre-built integration catalog

Audit trail

Every issuance, use & revocation logged
Signed, tamper-evident records
Export for compliance review
Anomaly alerting

Protocols

OAuth 2.0 & OIDC
SCIM provisioning
SAML federation
mTLS & signed JWTs

Governance

Central token inventory
On-demand rotation & revocation
Approval workflows
Open-core, self-hostable

<1sRevocation

100%Audited

15mDefault TTL

OpenCore

NU NHI is an open-core broker on proven standards — OAuth, OIDC, and SCIM underneath, with our policy engine, connector catalog, and signed audit log on top, so you govern agent identities without building a credential service from scratch.

Features

Everything you need to scale.

Built for the demands of modern telecoms and digital infrastructure — reliable, programmable, and production-ready.

Scoped tokens

Issue short-lived credentials with fine-grained scope — agents get exactly what they need, nothing more.

Policy-based access

Declare access in YAML or the UI; enforce least-privilege across every agent and connector.

Agent connectors

Bind credentials to specific systems, workspaces, and APIs via pre-built connectors.

Full audit trail

Every issuance, use, and revocation is logged and exportable for compliance review.

Issue in code

A scoped token in one call.

Request a credential for an agent with the exact scope it needs. Short-lived, policy-checked, and audited by default.

OAuth 2.0 · OIDC · SCIM
Issuance & revocation webhooks
YAML policy as code

issue-token.sh

# issue a scoped, short-lived token
curl -X POST https://api.nunhi.co/v1/tokens \
  -H "Authorization: Bearer $NU_NHI_KEY" \
  -d '{ "agent": "billing-bot",
       "scope": "invoices:read", "ttl": "15m" }'

# → 201 Created
{ "token": "tok_9Fa…", "scope": "invoices:read",
  "expires": "2026-06-20T15:42Z" }

Secure your agents today.

Issue your first scoped token in minutes. Open-core, self-hostable, and audited from the first call.

Issue a token Talk to sales

Open-core · Self-hostable · Audited by default

All products

NU NHI·nunhi.co

Identity for every agent.

Five hops from INVITE to answer.

Register

Policy

Issue

Use

Audit / revoke

See every token, always.

Full-stack, production-ready.

Scoped tokens

Policy engine

Agent connectors

Audit trail

Protocols

Governance

Everything you need to scale.

Scoped tokens

Policy-based access

Agent connectors

Full audit trail

A scoped token in one call.

Secure your agents today.

See every token, always.

Full-stack, production-ready.

Scoped tokens

Policy engine

Agent connectors

Audit trail

Protocols

Governance

Everything you need to scale.

Scoped tokens

Policy-based access

Agent connectors

Full audit trail

A scoped token in one call.

Secure your agents today.