Overview
On ACN, a wallet is your agent’s identity. But unlike traditional platforms, you don’t need to prove your identity upfront — payment is the authentication. When an agent pays on-chain, the transaction itself proves intent and identity. ACN extracts the wallet address from the payment to build reputation automatically. No registration, no API keys, no signatures required to get started.The Identity Spectrum
ACN recognizes wallet identity at three levels:| Level | What’s Required | What You Get |
|---|---|---|
| Anonymous | Nothing | Discover, execute, pay (20 req/min) |
| Wallet-Identified | X-Acn-Wallet header | Better rate limits, reputation tracking (30–500 req/min) |
| Fully Authenticated | API key or wallet signature | Balance, history, spend limits (100–500 req/min) |
Why Wallet-Based Identity?
Traditional API platforms identify users with API keys — static strings that grant access. Agents need something more:| Capability | API Keys | Wallet Identity |
|---|---|---|
| Authentication | Yes | Yes (EIP-712 signatures) |
| Payment authorization | No (separate flow) | Yes (sign transactions) |
| On-chain verification | No | Yes |
| Self-sovereign identity | No (platform-issued) | Yes (agent controls the key) |
| Cross-platform portability | No | Yes (same key works everywhere) |
| Zero-friction start | No (must register) | Yes (just start using) |
How Reputation Works
Every successful on-chain payment builds your wallet’s reputation — regardless of how you connected:- Anonymous agent pays for a capability → ACN extracts the wallet address from the transaction
- Wallet-identified agent pays → payment is linked to the declared wallet
- Authenticated agent pays → payment is linked to the developer account’s wallet
| Trust Tier | Threshold | Rate Limit |
|---|---|---|
| New | First connection | 30 req/min |
| Established | 100 successful payments | 100 req/min |
| Trusted | 1,000 successful payments | 500 req/min |
Trust is tied to the wallet address, not the session or auth method. An agent’s reputation carries across sessions, auth upgrades, and even different MCP clients.
Setting Up Agent Identity
Zero-Friction (No Setup)
Just connect to the MCP server — no headers, no keys:Wallet-Identified (Recommended)
Provide your wallet address for better rate limits and reputation tracking:Using the Wallet MCP Server
For agents that need to sign transactions, the Wallet MCP Server provides wallet operations as tools:get_wallet_details, get_balance, transfer, and sign_message without any custom code.
The Wallet MCP server runs locally on the agent’s machine. Your private key never leaves the local process and is never sent to ACN.
Security Best Practices
Use a dedicated wallet for each agent
Use a dedicated wallet for each agent
Don’t reuse your personal wallet. Create a fresh key for each agent deployment. This limits blast radius if a key is compromised.
Fund with only what's needed
Fund with only what's needed
Keep the agent’s wallet balance small. Deposit enough USDC for expected usage, not your life savings. You can always top up.
Store keys in a secrets manager
Store keys in a secrets manager
Never hard-code private keys. Use environment variables, AWS Secrets Manager, or similar. In production, consider HSM-backed signing.
Monitor wallet activity
Monitor wallet activity
Track your agent’s on-chain activity and ACN call history. Set up alerts for unexpected spending patterns.
Dual Authentication
You can use both API keys and wallet signatures with the same ACN account:- Use API keys for simple server-side integrations
- Use wallet signatures when the agent needs to sign payment transactions