# Auth.md — Pinpoint Agent Registration

Canonical origin: https://pinpointaccountingservice.com

Pinpoint Accounting & Service does not currently offer self-service OAuth, OpenID Connect, or agent registration for public API access.

## Public Agent Access

Agents may read public website content according to:

- https://pinpointaccountingservice.com/robots.txt
- https://pinpointaccountingservice.com/agents.txt
- https://pinpointaccountingservice.com/llms.txt
- https://pinpointaccountingservice.com/ai.txt

Agents may help users contact Pinpoint through public channels:

- Contact page: https://pinpointaccountingservice.com/contact
- LINE Official Account: https://line.me/R/ti/p/@413dqpcq
- Phone: +66-92-749-7442

## API Access

Public API discovery is available at:

- https://pinpointaccountingservice.com/.well-known/api-catalog
- https://pinpointaccountingservice.com/.well-known/openapi.json
- https://pinpointaccountingservice.com/.well-known/oauth-protected-resource
- https://pinpointaccountingservice.com/.well-known/oauth-authorization-server
- https://pinpointaccountingservice.com/.well-known/openid-configuration

The advertised public endpoints do not require bearer tokens. Private operational endpoints are not available for public agent registration.

## Agent Registration

Private API access is not self-service. Agents that need private operational API access should request review through:

- Register URI: https://pinpointaccountingservice.com/agent-registration
- Contact page: https://pinpointaccountingservice.com/contact

## Anonymous Claims

<a id="anonymous-claims"></a>

Anonymous agents may read public pages, robots.txt, agents.txt, llms.txt, ai.txt, the API catalog, the A2A agent card, and public discovery metadata without registration or bearer credentials.

For private operational API access, use the registration review flow rather than relying on anonymous access.

```yaml
agent_auth:
  status: registration_required_for_private_apis
  skill: https://pinpointaccountingservice.com/auth.md
  register_uri: https://pinpointaccountingservice.com/agent-registration
  authorization_server: https://pinpointaccountingservice.com/.well-known/oauth-authorization-server
  protected_resource: https://pinpointaccountingservice.com/.well-known/oauth-protected-resource
  identity_types_supported:
    - anonymous
    - organization
    - service_agent
  supported_identity_types:
    - anonymous
    - organization
    - service_agent
  credential_types_supported:
    - oauth2-client-credentials
    - private_key_jwt
  claim_uri: https://pinpointaccountingservice.com/agent-registration#claims
  revocation_uri: https://pinpointaccountingservice.com/agent-registration#revocation
  anonymous:
    credential_types_supported:
      - none
    claim_uri: https://pinpointaccountingservice.com/auth.md#anonymous-claims
  note: Public website discovery endpoints do not require OAuth. Private operational API access requires Pinpoint Accounting review and approval.
```

## Future OAuth/OIDC Support

When Pinpoint adds a real OAuth or OIDC authorization server, this file should be updated together with:

- `/.well-known/oauth-authorization-server`
- `/.well-known/openid-configuration`, if OpenID Connect is supported
- `/.well-known/oauth-protected-resource`