Identity infrastructure for the agentic web

The identity layer
for AI.

The web just broke two assumptions at once: that your user is a human, and that they consented to what your AI does with their data. Pupul is the missing primitive. One sign-in, and your app holds a consented, portable, offline-verifiable read of who the person is, and proof a real human is there.

See it. This page is a different app. & Sign in with Pupul

Sign in, and watch an AI meet you for the first time and already know you. Need a read first? Take one.

The shift

Sign-in-with-Google told your app the user had a Google account. Sign in with Pupul tells your app who the user actually is, and that they are real and willing, in a form you can verify without ever calling us.

Every AI product now needs this and has no clean way to get it. Bots and agents are indistinguishable from people. Consent is becoming a legal requirement, not a nicety. The read that took us a year to learn to make is exactly what an AI needs to personalize instantly and act with a clear conscience.

What one call gives you

Know the user

Their word, their rhythm, the force that moves them. Personalize from the first second, not the tenth session.

Prove a human

A consented, present-human signal. Not a checkbox a bot can tick.

Stay clean

Scoped, revocable, offline-verifiable consent. The record regulators and enterprises are about to demand.

Add it in an afternoon

Self-serve, no sales call. Mint credentials in one request, then it is ordinary OAuth with one extra call. First 1,000 reads a month are free.

0. Get credentials (self-serve, instant): curl -X POST https://noctaracorp.com/api/oauth/register \ -d '{"app_name":"My AI App","email":"you@yourapp.com", "redirect_uris":["https://yourapp.com/callback"]}' 1. Send the person to /api/oauth/authorize (they consent, you get a code) 2. Exchange the code for a token at /api/oauth/token (server-side) 3. One call to /api/pupul-context returns the read, and an AI already personalized to them. Verify the token offline against the JWKS. Browser app? One script tag: https://noctaracorp.com/sdk.js Meter: GET /api/oauth/usage with your credentials. discovery https://noctaracorp.com/.well-known/oauth-authorization-server
Why it holds

The person mints their identity once, inside our own products, and owns it forever. Every app that reads a Pupul makes holding one worth more; every person who holds one makes adding the button worth more. The control register, how a person can be moved, is never grantable to anyone. This is a standard, not a feature.

Want a client_id for your app or agent? Request access.  .  Read the integration docs.  .  Honest scope: the human-presence signal is a v1 confidence measure, not a hardened biometric, and we say so to every buyer.