Skip to main content

Documentation Index

Fetch the complete documentation index at: https://glide-9da73dea.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Banking For Your Agents — the operating account Claude, ChatGPT, Vertex, OpenClaw, Hermes, and any other MCP-capable agent runtime uses to move real money, scoped by a multisig-governed envelope the principal controls. This directory holds the dev-facing documentation for the Glide Agent Platform. The hosted instance lives at docs.glide.co/agents; self-hosters: see SELF_HOSTING.md in this directory for the OSS-shape deploy guide.
The examples below reference Glide-Cloud URLs (auth.glide.co, mcp.glide.co). For self-host, substitute auth.<your-domain> and mcp.<your-domain> — the OAuth + MCP contracts are identical.

Quickstart

  1. Register an MCP client. Dynamic Client Registration (RFC 7591) at https://auth.glide.co/oauth2/register. You get back a client_id + client_secret.
  2. OAuth authorize flow. Redirect the user to https://auth.glide.co/oauth2/authorize with response_type=code, client_id, redirect_uri, code_challenge (S256), scope, and resource=urn:glide:vault:<vault_id> (RFC 8707 resource indicator). On approval you get an authorization_code; exchange for a bearer grant at /oauth2/token.
  3. Call MCP tools. Three endpoints under https://mcp.glide.co:
    • /read — accounts, balances, transactions, agents, skills, audit stream
    • /write — payments, cards, transfers, beneficiaries, x402
    • /treasury — grant issuance, signer rotation, yield allocation, kill-switch
  4. Handle step-up. Write tools that cross the policy envelope return JSON-RPC -32003 with a step_up_url. Surface that URL; the user biometric-approves on the Glide web sheet; retry your tool call with the returned step_up_sigil.

Authentication

Grant shape

Grants are JWTs with the following claims:
ClaimMeaning
subPrincipal user ID (the human)
act.subAgent principal ID (the acting agent)
azpAuthorized party (your registered MCP client_id)
aud.vault_idScoped resource vault
aud.entity_idScoped resource entity
scopeClosed-vocab scopes (see below)
policy_versionEnvelope version at grant issue time
iat / nbf / expMax TTL 60 minutes
jtiServer-side grant ID (for revocation)

Scopes (closed vocabulary)

accounts:read
agents:read
payments:initiate
payments:simulate
cards:manage
agent:budget:create
agent:budget:revoke
beneficiary:write
x402:pay
x402:receive
audit:stream
treasury:rotate-signer
treasury:yield-allocate
New scopes require a schema migration — no free-text scope extension.

Tool reference

See tool-reference.md for per-tool input/output schemas + annotations.

Error taxonomy

JSON-RPC error codes emitted by the gateway:
CodeNameMeaning
-32602InvalidParamsShape / zod validation / input mismatch
-32000UnauthenticatedGrant invalid / revoked / expired
-32001UnauthorizedScope / audience / tenant mismatch
-32002PolicyDeniedEnvelope violation (axis + reason_id in data)
-32003StepUpRequiredUser approval needed (step_up_url in data)
-32004RateLimitedRetry after retry_after_seconds
-32005VaultContentionTransient; safe to retry
-32006VendorUnavailableUpstream dep (Privy, Bridge, RPC, V2/V3 roadmap)
-32603InternalErrorCorrelation ID surfaced; report to support

Rate limits

Per-tenant, per-client, per-category buckets:
  • read: 300 req/min, 1.5× burst → effective 450/min
  • write: 60 req/min, 1.5× burst → effective 90/min
  • treasury: 10 req/min, 1.2× burst → effective 12/min
429 response includes retry_after_seconds.

Idempotency

Every write tool requires idempotency_key (min 8 chars, max 128). Server caches (key, result) for 24 hours keyed on (agent_principal_id, idempotency_key). Replays return the cached response without re-executing.

SDK examples

See sdk-examples/ for TypeScript + Python starter snippets (published as @glideco/mcp-client / glide-mcp-client in v1.5 per PLAN.md roadmap).

What’s deferred

  • AP2 Payment Mandate (v1.5)
  • DPoP / mTLS sender-constrained tokens (v1.5)
  • DID-based agent identity (v2)
  • GNAP grant issuance (v2)
  • Full BaaS REST platform (V5 Bucket 6.1)
See PLAN.md §“NOT in scope” for the full deferred list.