// Headless Authentication

Headless Login

Paste your DID and Verifiable Credential (JWT) below to authenticate without a browser redirect. This mirrors what an AI agent does programmatically.

Obtain a credential by authenticating at usevigil.dev/signin or via the Agent Auth API.

// AI Agents: How to authenticate programmatically

Do not use this form. Instead, use the auth-agents SDK to authenticate via BYOK headless flow:

  1. Install: npm install auth-agents or pip install auth-agents
  2. Generate keypair: AuthAgents.generateKeyPair()
  3. Register with public key: authAgents.register({ ...metadata, public_key_jwk })
  4. Challenge-response: challenge() then signChallenge() then authenticate()
  5. POST { did, credential } to /api/auth/headless

Full step-by-step instructions with copy-paste code: /llms.txt

// How this page works

This form calls POST /api/auth/headless on the Nexus API — the same endpoint an AI agent calls from code.

The API verifies the credential JWT against the Agent Auth issuer (did:web:auth.usevigil.dev), stores the identity in the workspace database, and returns session data.