FIDNT is a sovereign identity protocol. When your platform integrates, you stop guessing whether you have permission to act on a user's data — you have a signed receipt that proves it. Compliance becomes a query, not a project.
Legal basis — identity & signing map to UNCITRAL MLIT (2022); AI-agent attribution to MLAC (2024). Aligned to the standards, operating under the statutes in force.
Every integration ships with these. They are not features — they are primitives the protocol returns.
Re-use the user's existing FIDNT identity. No KYC re-run. PhilSys, passkey, biometric — already done.
ISO 27560 / DPA 2012 receipt — signed by the user, scoped to your purpose, time-stamped, exportable.
What you may do is in writing, signed by the user's key. Out-of-scope = invalid. Civil Code 1868.
Webhook fires the instant a user revokes. You stop processing within seconds — defensible by design.
Append-only, SHA3-512 hash-chained, ML-DSA-65 (FIPS 204) signed record of every consent, mandate, action and revocation. Court-admissible. Export on demand.
Most platforms accumulate compliance debt every day they operate. FIDNT swaps the unprovable for the provable.
FIDNT operates as the user's agent under Civil Code 1868. Money does not flow through FIDNT — it flows directly between your platform and the user. FIDNT issues the proofs. We are not a payment processor, not a money-service business, not in any custody role.
Platform pays the user directly via your own rail (bank, e-money, PSP) →
FIDNT issues the signed mandate + receipt + ledger entry →
FIDNT invoices its disclosed admin fee to your platform separately, as service revenue.
No employer-employee relationship. No payroll withholding obligation. No 2316/2307 for casual data licensing. No SEC exposure from token rewards. No BSP exposure from money pass-through (because there is no pass-through). Tax burden lives where it legally belongs — with the user.
Tax framing for PH residents: passive royalty income to the user, 20% final tax. Platform receives a clean payment receipt + invoice from FIDNT for its books. We are not a money service business; the BSP regulates entities that receive deposits, issue e-money, or operate payment systems — none of which describes a routing-instruction + receipt issuer.
The full surface is small on purpose. Every endpoint maps to one of the four pillars. Anything that isn't here, FIDNT does not do.
| Method | Path | Purpose | Status |
|---|---|---|---|
| POST | /api/auth | Identity assertion · session start | live |
| POST | /api/mandate | Request a signed mandate (scope, expiry) | live |
| POST | /api/consent | Issue a consent receipt to your platform | live |
| POST | /api/licensing | Data licensing terms (scope · duration · price) | beta |
| GET | /api/portability | User-initiated data export (DPA Sec.18) | live |
| POST | /api/credit-dispute | BSP-defined credit information dispute | beta |
| POST | /api/npc-enforcement | NPC complaint envelope (DPA Sec.16) | beta |
| POST | /api/ppsr | Personal Property Security Registry filing | v2 |
| GET | /api/earnings | User royalty receipts log + earned-but-not-yet-paid attestation | live |
| POST | /api/accounting | Per-period reconciliation export | beta |
| POST | /api/messages | Send signed, consent-scoped message · real-time messaging backend in development | beta |
| GET | /api/ledger | Receipt log · hash-chained · per-user range | live |
The same agency framework, applied to AI agents acting on a human's behalf. Civil Code 1868 was written for principals authorizing agents — it applies whether the agent is a person, a company, or a model.
| Method | Path | Purpose | Status |
|---|---|---|---|
| POST | /api/agent/register | AI agent registers · receives an agent DID | v1.1 |
| POST | /api/agent/mandate | User signs mandate granting agent authority + scope | v1.1 |
| GET | /api/agent/verify | Third party verifies the agent's mandate is live + in-scope | v1.1 |
| POST | /api/agent/action | Agent logs an action with mandate proof attached | v1.1 |
| POST | /api/agent/revoke | User revokes agent's authority · webhook fires | v1.1 |
| GET | /api/agent/audit | Per-user audit trail of every agent action | v1.1 |
The unsolved problem in 2026 AI agents: no consent-rail, no scoped mandate, no revocation feed, no audit trail when something goes wrong. FIDNT is the only protocol with these primitives baked in, under a working legal substrate (Civil Code 1868 + DPA 2012 + ISO 27560).
Signing is real ML-DSA-65 (NIST FIPS 204), wired end-to-end. It runs on sandbox keys today and switches to the production signing key once set — the honest dev framing. ML-KEM-768 (FIPS 203) handles key exchange; SHA3-512 handles hashing.
live = production, authenticated; beta = sandbox-only, schema may change; v2 = on roadmap, not yet shipped. See /status for the honest capability surface.
Most integrations are a button on the client, a verify on the server, and a webhook for revocation. Total integration time for the basic shape: half a day.
Single button on your page. Opens the FIDNT consent flow; user signs with their key.
```js
// Request a mandate from the user (browser)
const mandate = await fidnt.requestMandate({
  platform: 'acme.com',
  purpose: 'underwrite a credit application',
  scope: ['identity:basic', 'finance:read'],
  expires: '2026-12-31',
});
```
Every server-side action checks the mandate is still valid and in-scope.
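```js
// Server verify (Node / Deno / any runtime)
// API_KEY and mandate_id come from your own configuration and request context.
const res = await fetch('https://api.fidnt.com/mandate/verify', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${API_KEY}`,
    'Content-Type': 'application/json', // the body below is JSON
  },
  body: JSON.stringify({ mandate_id, scope: 'finance:read' }),
});
// Fail closed: any non-2xx response means the action must not proceed.
if (!res.ok) throw new Error('mandate invalid or out of scope');
```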
The instant a user revokes, your platform stops processing. The receipt of stop is your defense.
```jsonc
// POST https://your-platform.com/webhooks/fidnt
{
  "event": "mandate.revoked",
  "mandate_id": "mnd_01HK...",
  "user_did": "did:fidnt:...",
  "revoked_at": "2026-05-04T14:23:00Z",
  "receipt": "rcp_..."
}
```
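The following is an added example, not FIDNT SDK code: a handler for the `mandate.revoked` payload above that tolerates redelivery, plus a local gate that fails closed once a revocation is recorded, to run alongside the server verify call. Field names come from the snippets on this page; the function names, the in-memory stores and the shape of the mandate object are assumptions, and the request is assumed to have been authenticated already by whatever scheme the developer docs specify.

```javascript
// Added example (not FIDNT SDK code). Field names follow the sample payload and
// requestMandate() call on this page; function names and the in-memory stores
// are hypothetical. Assumes the webhook request was already authenticated.
const revokedMandates = new Map(); // mandate_id -> { revokedAt, receipt }
const seenReceipts = new Set();    // receipt ids already applied (redelivery guard)
const REQUIRED = ['mandate_id', 'user_did', 'revoked_at', 'receipt'];

function handleRevocationWebhook(rawBody) {
  let evt;
  try {
    evt = JSON.parse(rawBody);
  } catch {
    return { status: 400, result: 'malformed-json' };
  }
  if (evt === null || typeof evt !== 'object') return { status: 400, result: 'malformed-json' };
  if (evt.event !== 'mandate.revoked') return { status: 202, result: 'ignored' };
  for (const field of REQUIRED) {
    if (typeof evt[field] !== 'string' || evt[field] === '') {
      return { status: 400, result: `missing-${field}` };
    }
  }
  const revokedAt = Date.parse(evt.revoked_at);
  if (Number.isNaN(revokedAt)) return { status: 400, result: 'bad-timestamp' };
  if (seenReceipts.has(evt.receipt)) return { status: 200, result: 'duplicate' };
  seenReceipts.add(evt.receipt);
  // Revocation is sticky: record it once and never clear it from a webhook.
  if (!revokedMandates.has(evt.mandate_id)) {
    revokedMandates.set(evt.mandate_id, { revokedAt, receipt: evt.receipt });
  }
  return { status: 200, result: 'revoked' };
}

// Local gate run before every action; anything unknown or unparsable is denied.
function mayProcess(mandate, requiredScope, now = Date.now()) {
  if (!mandate || typeof mandate.mandate_id !== 'string') return false;
  if (revokedMandates.has(mandate.mandate_id)) return false;
  const expiresAt = Date.parse(mandate.expires); // '2026-12-31' -> start of day, UTC
  if (Number.isNaN(expiresAt) || now >= expiresAt) return false;
  return Array.isArray(mandate.scope) && mandate.scope.includes(requiredScope);
}

// Constructed sample data (not real identifiers).
const sampleMandate = {
  mandate_id: 'mnd_EXAMPLE', scope: ['identity:basic', 'finance:read'], expires: '2026-12-31',
};
const sampleEvent = JSON.stringify({
  event: 'mandate.revoked', mandate_id: 'mnd_EXAMPLE', user_did: 'did:fidnt:EXAMPLE',
  revoked_at: '2026-05-04T14:23:00Z', receipt: 'rcp_EXAMPLE',
});
```

In a real deployment the two stores would live in shared, durable storage so that every worker sees a revocation and a restart does not forget it.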
Full SDK reference, error codes, idempotency keys, and replay attack mitigations are in the developer docs (link from your sandbox dashboard once you have keys).
OpenAI · Anthropic · Microsoft · Google all ship agents. None ship a real consent-rail. When the first agent drains a real account or doxes a real user, every maker will need a layer they can point to. FIDNT is that layer — built first, in the right jurisdiction, under the right charter.
Pull verified identity + consented credit-data scope. Cuts onboarding from days to seconds. Mandate carries the legal weight.
DPA + HIPAA-parity. Selective disclosure for diagnosis, coverage, claims. Audit rail for every record release.
Show buyers a signed covenant, not a security questionnaire. Win the procurement review by default.
Quest, point, and token economies routinely trample DPA. FIDNT receipts make every fan-data action defensible — without changing your token mechanics.
Communications platforms move billions of messages and absorb the compliance risk on each one. FIDNT receipts close the legal exposure per send — no matter which transport rail carries it.
Benefit-pull with receipt. No double registration. PhilSys reuse, not copy. Audit rail for the COA.
We don't ship "magic." Every endpoint you saw in §4 has a status. We publish what works, what is rough, and what is on the roadmap — at /status.