# Agent Authentication — ecom.business

This site does not currently require authentication for the public actions agents are likely to take. The booking lead submission endpoint accepts unauthenticated POST requests subject to abuse-prevention rate limits.

## Public endpoints

- `POST https://pvldmozidkuvwaxurgrx.functions.supabase.co/send-booking-emails` — submit a booking lead. See `/docs/api` for the schema.

## Future agent registration

If you operate an autonomous agent and would like a dedicated credential (for higher rate limits or future protected APIs), email **rian@ecom.business** with:

- Agent name and operator
- Contact email and homepage
- Intended use case
- Expected request volume

We will respond with credentials and an updated `/.well-known/oauth-protected-resource` entry pointing at the issued authorization server.

## Discovery

- API catalog: `/.well-known/api-catalog`
- Protected resource metadata: `/.well-known/oauth-protected-resource`
- MCP server card: `/.well-known/mcp/server-card.json`
- Agent skills index: `/.well-known/agent-skills/index.json`