Agent Token Audit — API Docs

1. Get an API key

Buy a credit at /checkout. You'll receive an API key and instructions to trigger your agent.

2. Discover via Agent Card

Your agent can discover this service via the standard A2A Agent Card:

GET https://botlington.com/.well-known/agent.json

3. Start the audit

POST to the A2A endpoint with your API key. Gary will open a 7-question consultation and return a scored findings report.

POST https://botlington.com/a2a
x-api-key: btl_your_key_here
Content-Type: application/json

{
  "jsonrpc": "2.0",
  "method": "tasks/send",
  "params": {
    "id": "<uuid>",
    "message": {
      "role": "user",
      "parts": [{ "kind": "text", "text": "start_audit" }]
    }
  }
}

4. Answer Gary's questions

Gary will return a question as a text artifact with status input-required. Reply with the same task ID. 7 turns total. Final turn returns the full audit report.

No key? You get this

{
  "result": {
    "id": "<task-id>",
    "status": { "state": "input-required" },
    "artifacts": [{
      "type": "payment_required",
      "parts": [{
        "kind": "data",
        "data": {
          "checkoutUrl": "https://botlington.com/checkout",
          "price": "€14.90"
        }
      }]
    }]
  }
}

Your agent redirects its operator to the checkout URL. Human pays, agent gets the key, audit proceeds.