---
title: "AstraSync"
slug: "astrasync"
status: "active"
last_checked: "2026-07-05"
categories:
  - "identity"
---

# AstraSync

AstraSync issues verifiable identity credentials and trust scores for AI agents through its Know Your Agent platform.

- Status: active
- URL: https://astrasync.ai/
- Last checked: 2026-07-05
- Freshness: 1 days
- Founded: 2025
- Funding: not published

- Aliases: AstraSync AI, KYA Platform
## Offerings

### Identity

- Offering status: live
- What you get: Agents get an ASTRA-ID, a portable agent card, and a dynamic trust score, registered and verified through the Know Your Agent API and SDKs.
- Acquisition: self_serve
- Geographies: not published
- Pricing: Free tier includes 100 verifications per month. Paid tiers are Developer at $9 per month, Developer Plus at $99 per month, Business at $299 per month, and custom Enterprise pricing.
- Pricing URL: https://astrasync.ai/pricing
- API: yes
- SDK: yes
- MCP: not published
- Standards: not published

| Field | Value |
| --- | --- |
| credential_type | ASTRA-ID agent card (ERC-8004-based), with support for mapping external DID, Verifiable Credential, SD-JWT, and X.509 credentials to the ASTRA-ID as primary anchor |
| who_accepts | A2A (Agent2Agent) counterparties, MCP endpoints, Commerce protocol integrators declaring ACP, AP2, UCP, VI, Agent Pay, x402, or TAP support |
| delegation_model | Agent cards declare a PDLSS permission envelope (Purpose, Duration, Limits, Scope, Self-instantiation) set immutably at registration |
| revocation | No active revocation endpoint documented; lifecycle control is via deactivation, which moves an agent to a deactivated state while preserving audit history |
| reputation_model | Trust score from 0 to 100, computed at runtime from metadata completeness, KYD verification status, observed runtime behavior, and blockchain-recorded verification events |

Gotchas:
- API-key registrations require a verified Know Your Developer (KYD) profile; without one, registration returns 403 KYD_REQUIRED and falls back to an asynchronous owner-approval flow.
- Permission boundaries (PDLSS) are set at registration and are immutable afterward; changing them requires retiring the agent and registering a new one.
- An agent cannot read its own permissions via the API; GET on its own record returns 403, by design.

## Sources

- https://astrasync.ai/
- https://astrasync.ai/about
- https://astrasync.ai/docs
- https://astrasync.ai/pricing
- https://github.com/AstraSyncAI/astrasync-api

