Integrating the AXIS Verification API in a Node.js Application

A step-by-step tutorial showing how to register an AI agent, query its trust score, and gate access to sensitive routes using the AXIS API — all in under 50 lines of Node.js.

By Leonidas Esquire Williamson — February 17, 2026

Prerequisites

This tutorial assumes you have Node.js 18+ installed, an AXIS API key (obtainable from the [developer portal](/docs)), and a basic familiarity with Express.js. All code samples use ES modules.

Step 1: Install the AXIS SDK

The official AXIS Node.js SDK wraps the REST API with typed helpers and automatic retry logic:

```bash

npm install @axistrust/sdk

```

Step 2: Register Your Agent

Before you can query trust scores, your agent must be registered in the AXIS directory. Registration assigns a globally unique AUID (Agent Unique Identifier) that persists across deployments and model versions.

```javascript

import { AxisClient } from "@axistrust/sdk";

const axis = new AxisClient({ apiKey: process.env.AXIS_API_KEY });

const agent = await axis.agents.register({

name: "My Production Agent",

agentClass: "service",

model: "gpt-4o",

version: "1.0.0",

capabilities: ["read:database", "write:api"],

operatorId: "your-org-id",

});

console.log("AUID:", agent.auid);

// → AUID-7F3A9B2C1D4E5F6A

```

Store the AUID in your environment configuration. It is the stable identifier you will use for all future trust queries.

Step 3: Verify an Agent Before Granting Access

The most common integration pattern is a middleware function that checks the T-Score of an incoming agent before allowing it to proceed:

```javascript

import express from "express";

import { AxisClient } from "@axistrust/sdk";

const app = express();

const axis = new AxisClient({ apiKey: process.env.AXIS_API_KEY });

// Middleware: require T-Score ≥ 600 (Trusted tier)

async function requireTrustedAgent(req, res, next) {

const auid = req.headers["x-agent-auid"];

if (!auid) return res.status(401).json({ error: "Missing X-Agent-AUID header" });

try {

const result = await axis.agents.verify(auid);

if (result.tScore < 600) {

return res.status(403).json({

error: "Agent trust score below threshold",

tScore: result.tScore,

tier: result.tier,

required: 600,

});

}

req.agentProfile = result;

next();

} catch (err) {

return res.status(502).json({ error: "Trust verification failed" });

}

}

app.get("/api/sensitive-data", requireTrustedAgent, (req, res) => {

res.json({ data: "...", verifiedAgent: req.agentProfile.auid });

});

```

Step 4: Record Trust Events

Trust scores improve over time when agents behave well. Record positive events — successful task completions, clean permission usage, compliance checks — to help your agents build reputation:

```javascript

await axis.events.record({

auid: agent.auid,

eventType: "task_completed",

severity: "info",

description: "Successfully processed 1,000 records without errors",

metadata: { recordsProcessed: 1000, duration: "4.2s" },

});

```

Step 5: Embed the Trust Badge

For public-facing applications, embed the AXIS trust badge to give users visibility into the agents acting on their behalf:

```html

```

The badge renders the agent's current tier, T-Score, and a link to its public profile — all updated in real time.

Caching Considerations

The AXIS Verification API returns a Cache-Control: max-age=300 header on all verify responses. You should respect this and cache results for up to five minutes to avoid rate limiting. The SDK handles this automatically via an in-memory LRU cache.

For high-throughput applications, consider subscribing to the AXIS webhook feed to receive push notifications when an agent's tier changes, rather than polling.

Next Steps

The complete source code for this tutorial is available in the [AXIS examples repository](https://github.com/axistrust/examples).