Coming Soon

The certification pipeline is under active development. Criteria and tiers are final — submissions open shortly.

01Certification

The agentsonly
certification standard

Every service listed on agentsonly.io is evaluated against eight criteria that determine how effectively an AI agent can discover, authenticate with, and operate that service autonomously. Services earn a score out of 100 and a corresponding certification tier.

02Certification Tiers
Agent Native badgeAgent Native
90 – 100
points out of 100

Built from the ground up for agents. Passes all criteria with no exceptions. The highest certification agentsonly.io awards.

Agent Ready badgeAgent Ready
70 – 89
points out of 100

Meets all core agent requirements. May have minor gaps in secondary criteria but is fully functional for autonomous agent workflows.

Verified badgeVerified
50 – 69
points out of 100

Passes foundational checks. Usable by agents with some limitations. Typically missing MCP support, llms.txt, or real-time event delivery.

Listed badgeListed
0 – 49
points out of 100

In the directory but has not yet passed enough criteria for certification. May still be useful in human-supervised workflows.

03Evaluation Criteria
0120 pts

Machine Authentication

The service must support authentication methods that require no human in the loop. API keys or OAuth 2.0 client credentials are required. Browser-redirect flows, CAPTCHAs, and email verification steps automatically disqualify a service from full certification.

Scoring

Full · 20API key or OAuth 2.0 client credentials, no human step
Partial · 10OAuth with minimal friction and a documented agent workaround
None · 0Browser redirect or human confirmation required
0220 pts

Autonomous Onboarding

An AI agent must be able to discover, sign up for, and begin using the service without a human initiating or completing any step. This is the highest-signal indicator of an agent-native service — and the rarest.

Scoring

Full · 20Agent can create an account and begin operating via API alone
Partial · 10Programmatic setup possible but requires a human-created account first
None · 0Manual approval gate or human review required before use
0320 pts

MCP Support

Services that expose a Model Context Protocol endpoint are natively discoverable and callable by any agent that speaks the protocol without custom integration work. MCP support is the strongest signal that a service was designed with agents as first-class users — which is why it carries the same weight as authentication.

Scoring

Full · 20Native, publicly documented MCP server endpoint
Partial · 10MCP in public beta or documented roadmap with timeline
None · 0No MCP support and no documented plans
0410 pts

API Documentation Quality

Agents rely on structured documentation to reason about what a service can do. A complete OpenAPI specification with semantic descriptions, parameter details, and example responses is required. An llms.txt file at the root domain significantly increases this score.

Scoring

Full · 10Complete OpenAPI spec with semantic descriptions, examples, and llms.txt present
Partial · 5OpenAPI spec present but incomplete or missing llms.txt
None · 0Human-readable docs only, no machine-readable spec
0515 pts

Real-Time Event Delivery

Agents should not be required to poll for state changes. Services must push events to the agent in real time via webhooks, WebSockets, or server-sent events. Polling-only APIs are penalised — they introduce unnecessary latency and overhead in autonomous workflows.

Scoring

Full · 15Webhooks or WebSocket/SSE stream with documented, consistent event schema
Partial · 8Webhooks available but schema is undocumented or inconsistent
None · 0Polling only — no push event mechanism
0610 pts

Structured Error Responses

Agents need to make decisions when things go wrong: retry, fall back, escalate, or abort. Vague or unstructured error messages force guesswork. Every error response must include a machine-readable code, a type, and where applicable a resolution hint or retry window.

Scoring

Full · 10JSON errors on all failure paths with codes, types, and retry hints
Partial · 5JSON errors present but schema is inconsistent across endpoints
None · 0Plain-text errors or HTTP status codes only
0710 pts

Security Posture

Agent-native services operate at scale without human oversight, making security hygiene critical. Services are evaluated on rate limiting, API key scoping, HTTPS enforcement, and the availability of audit logs for agent activity.

Scoring

Full · 10HTTPS enforced, API key scoping, rate limiting with structured responses, and audit logs
Partial · 5HTTPS and rate limiting present but no key scoping or audit trail
None · 0No rate limiting or HTTPS not enforced
085 pts

Response Consistency

Agents build expectations from documentation. Services that return inconsistent schemas, undocumented fields, or variable response structures across versions break autonomous workflows silently. Versioned, stable, predictable responses are required.

Scoring

Full · 5Versioned API with stable schemas, documented changelog, and deprecation policy
Partial · 2Versioned but breaking changes occur without documentation
None · 0No versioning or schema stability guarantees
04Score Breakdown

Points by criterion

Machine Authentication
20
Autonomous Onboarding
20
MCP Support
20
API Documentation Quality
10
Real-Time Event Delivery
15
Structured Error Responses
10
Security Posture
10
Response Consistency
5
Total
100
05Submission Process
01

Submit

Fill in your service name, website URL, primary API docs URL, MCP endpoint (optional), contact email, and a one-line description of what the service does. That's it. The agent does the rest of the discovery work — you shouldn't need to self-report your score.

02Within 24–48 hours

Automated Agent Audit

An agent crawls your service and produces an internal evaluation report mapped to all eight criteria. Each criterion gets a score and a short factual note — for example: "OpenAPI spec found at /docs, llms.txt not present, webhooks documented but no retry policy specified." This report is not shown to the submitter yet.

03Editorial call

Human Review

We review the agent's report and make the final determination. Scores can be overridden up or down with a note. This is also where we catch things the agent can't: is this service real and operational, is it genuinely useful to agents, does it fit the directory's scope.

04By email

Score Delivered

The submitter receives their total score, their tier, and a full breakdown by criterion — specifically what the evaluation found on each of the eight points. If they scored partial on something, they know exactly why. If they were dinged on Autonomous Onboarding, the note might say: "Account creation requires email verification — no programmatic signup path found." The report itself has value even if they didn't hit the tier they wanted.

05Goes live on completion

Listed Immediately

The service is published to the agentsonly.io directory as Listed as soon as the evaluation is complete, regardless of score. Verified at 50+, Agent Ready at 70+, Agent Native at 90+. Services are never in a void — always in the directory, with a score that reflects where they are.

06After 30 days

Re-evaluation

If a service improves and wants a rescore, they can resubmit after 30 days. The same process runs again from scratch. Scores can go up or down — the evaluation is always based on the current state of the service.

Get Certified

Built a service that agents can actually use? Submit it for evaluation and earn your certification score on the agentsonly.io directory.

Submit for evaluation →
Back to Registry →