Agent docs

Plug any AI agent into an AISO profile.

Every published profile at <handle>.aiso.bio ships with an MCP server, an OpenAPI 3.1 spec, three .well-known descriptors, and an x402 payment endpoint. This page is the agent-side TL;DR — see /p/<handle>/openapi.json for the canonical machine-readable contract.

1. Connect via MCP (Claude / Cursor)

The fastest path. Every profile exposes a streamable-HTTP MCP server at mcp.aiso.tools/<handle>.

{
  "mcpServers": {
    "aiso-<handle>": {
      "url": "https://mcp.aiso.tools/<handle>",
      "transport": "streamable-http"
    }
  }
}

Tools available: get_profile, list_offers, get_readiness, ask_profile (rate-limited). Discovery descriptor: /p/<handle>/.well-known/mcp.json.

2. Read the OpenAPI 3.1 spec

For agents without MCP (custom function-calling, LangChain tools, OpenAI Apps SDK), every public HTTP endpoint is documented in a per-profile OpenAPI 3.1 spec:

GET https://aiso.tools/p/<handle>/openapi.json

The spec describes profile.json, offers.json, the grounded ask endpoint, x402-gated articles, and the contact / book actions. x-aiso-x402 extension fields surface the payment requirements for paid endpoints.

3. Send a grounded chat message

For a one-shot Q&A without standing up MCP:

POST https://aiso.tools/api/public/profiles/<handle>/ask
Content-Type: application/json

{ "message": "What do you offer?" }

Streams a grounded answer derived only from the approved profile blocks (no fabricated prices, availability, or credentials). Rate-limited per IP. CORS-open for public agents.

4. Pay-per-call with x402

Agent-paid endpoints (currently /api/articles) return a 402 Payment Required. Send x-aiso-x402-payer on the first request to receive an EIP-712 typed-data challenge, sign with that payer wallet, send the USDC transfer on Base, then re-submit the proof in the x-payment header. Descriptor: /p/<handle>/.well-known/x402.json declares mode: "live" | "sandbox" | "disabled" so agents can refuse to spend real money against a sandbox-only endpoint.

5. Discovery — three .well-known descriptors

/p/<handle>/.well-known/agents.json — agent identity, chat endpoint, MCP endpoint, price-per-call, allowed actions.
/p/<handle>/.well-known/mcp.json — MCP discovery + transport. Lists the four tools and their capabilities.
/p/<handle>/.well-known/x402.json — payment readiness flags. Inspect mode and status.binding before spending real money.

6. Skill catalog

AISO ships an installable agent skill (markdown) at /skills. Hermes / OpenClaw / Claude / Cursor users can install the catalog skill and have every AISO profile available as a tool with zero per-profile config.

7. Partner scan API packages

API packages are separate from the human profile plans. They meter server-to-server scan calls through profile-owned API keys. CORE covers basic scan API usage; FULL and CITATION also authorize premium scan tiers that include provider/citation evidence when those TOOLBOX rows are actually produced.

CORE

Core API

Basic AI-readiness scans for partners embedding AISO as a funnel or QA step.

1,000 scan API calls / 30 days

Meters standard scan creation. Does not unlock premium citation tiers.

FULL

Full API

Higher-volume scan API access for agencies and partner tools.

5,000 scan API calls / 30 days

Unlocks premium/full scan tiers when quota is active.

CITATION

Citation API

Premium package for provider/citation visibility scans.

500 scan API calls / 30 days

Unlocks premium citation tiers; no fake provider rows are emitted without evidence.

Package comparison

Package

Best for

Premium access

Quota

CORE

Directories, lead forms, and QA workflows that need a fast readiness check.

Standard scan tiers only.

1,000 / 30 days

FULL

Agencies, marketplaces, and SEO/GEO platforms that need full stored evidence.

Full premium scans without requiring a human profile plan.

5,000 / 30 days

CITATION

Citation visibility products that compare brand mentions, cited URLs, and competitors.

Provider citation evidence only when the citation scanner actually ran.

500 / 30 days

Create a scan

POST https://aiso.tools/api/v1/scans
Authorization: Bearer aiso_<api-key>
Content-Type: application/json

{
  "url": "https://example.com",
  "kind": "COMBINED",
  "tier": "FULL"
}

HTTP/1.1 202 Accepted
{
  "scan": {
    "id": "cmp...",
    "url": "https://example.com",
    "status": "RUNNING",
    "kind": "COMBINED",
    "tier": "FULL"
  },
  "scanner": { "dispatch": "env_gated" },
  "quota": { "package": "FULL", "remaining": 4999 }
}

List recent scans

GET https://aiso.tools/api/v1/scans
Authorization: Bearer aiso_<api-key>

Fetch one scan

GET https://aiso.tools/api/v1/scans/<scanId>
Authorization: Bearer aiso_<api-key>

GET /api/v1/scans lists the latest 25 scans for the API key's profile. POST /api/v1/scans requires a WRITE or ADMIN key, consumes quota only for a new dispatched scan, and returns 402 paid_scan_required when a premium tier is requested without a paid human plan or active FULL/CITATION API package. Successful new scan responses include quota.remaining for the package consumed. If the same profile repeats a URL inside the dedupe window, the response can include reused; reused scans do not burn another quota unit.

Production API-package proof is database evidence, not a synthetic Stripe replay. Operators should run npm run proof:api-package -- --json for the read-only baseline and the strict command after a real buyer checkout. Do not call an API package live-proven until strict mode finds both a matching checkout.session.completed Stripe event and matching ApiEntitlement.

npm run proof:api-package -- --require-live-proof --profile-id=<profileId> --package=FULL --since-minutes=60

Spec questions? The wire contracts are the source of truth — read /p/<handle>/openapi.json first. This page is a hand-holding overlay.