← Back to Home

Agentic Web Specification

Technical specification for implementing AI-native endpoints using the Model Context Protocol (MCP) extension. Enable AI agents to query your company directly and take actions on behalf of users.

Overview

The Agentic Web specification defines how companies expose AI-native endpoints that provide verified responses and enable possible actions. Built on the Model Context Protocol (MCP), it creates a standardized way for AI agents to interact with businesses programmatically.

Architecture Overview

The agentic web follows a three-party interaction model:

User

→

AI Agent

⇄

Vendor Endpoint

Users interact with AI agents (Claude, ChatGPT, etc.) which discover and communicate with vendor endpoints. The vendor maintains full control over responses, qualification logic, and available actions.

Key Capabilities

Verified Responses

Answer questions with authoritative, cryptographically signed data that AI can trust and cite.

Possible Actions

Enable AI agents to complete tasks like scheduling demos, opening tickets, or starting trials.

Qualification Flows

Collect buyer context through conversational flows before revealing pricing or booking calls.

Context Preservation

Maintain full conversation context through sessions, enabling intelligent routing and handoff.

Discovery

AI agents discover vendor capabilities through a well-known endpoint. This manifest describes what questions the vendor can answer and what actions are available.

MCP Profile Endpoint

Vendors publish their capability manifest at /.well-known/mcp. This endpoint returns a JSON document describing the vendor's agentic capabilities.

// GET https://acme.com/.well-known/mcp

{
  "schema_version": "0.1",
  "vendor": {
    "name": "Acme Inc",
    "description": "Enterprise API platform for developers",
    "website": "https://acme.com",
    "logo": "https://acme.com/logo.png"
  },
  "capabilities": {
    "verified_responses": [
      "pricing",
      "integrations",
      "compliance",
      "features"
    ],
    "possible_actions": [
      "schedule_demo",
      "open_ticket",
      "request_quote",
      "start_trial"
    ]
  },
  "endpoint": "https://api.acme.com/mcp",
  "authentication": {
    "methods": ["api_key", "oauth2"]
  }
}

Note

The /.well-known/mcp endpoint must be publicly accessible without authentication. The actual API endpoint may require authentication.

Capability Categories

Category	Description	Example Topics
`pricing`	Plan details, pricing tiers, enterprise quotes	Plans, per-seat costs, volume discounts
`integrations`	Third-party integrations and compatibility	Salesforce, Slack, API availability
`compliance`	Security certifications and data handling	SOC2, HIPAA, GDPR, data residency
`features`	Product capabilities and limitations	Rate limits, SLA, feature availability

Verified Responses

Verified responses allow AI agents to query vendor knowledge with confidence that the information is authoritative and current. Unlike web scraping, responses come directly from the vendor's systems with cryptographic verification.

Ask Endpoint

The primary method for querying vendor knowledge:

POST /mcp/ask

{
  "question": "Does Acme support Salesforce integration?",
  "context": {
    "user_type": "enterprise_buyer",
    "company_size": "500-1000"
  }
}

Response Format

{
  "response": {
    "answer": "Yes, Acme offers native Salesforce integration on Business and Enterprise plans. Setup takes approximately 15 minutes with our guided wizard.",
    "confidence": 1.0,
    "sources": [
      {
        "type": "documentation",
        "url": "https://docs.acme.com/integrations/salesforce"
      }
    ]
  },
  "verification": {
    "signed_by": "acme.com",
    "timestamp": "2024-01-15T10:30:00Z",
    "signature": "sha256:a1b2c3..."
  },
  "suggested_actions": [
    {
      "id": "schedule_demo",
      "label": "Schedule Integration Demo"
    }
  ]
}

Access Levels

Vendors can gate certain information based on qualification status:

Level	Description	Example
`public`	Available to all queries	Feature lists, integration support
`qualified`	Requires basic qualification	Enterprise pricing, SLA details
`nda_required`	Requires signed NDA	Security architecture, roadmap

Important

The vendor controls all qualification logic. AI agents cannot bypass access restrictions—they must complete the required qualification flow.

Possible Actions

Actions enable AI agents to complete tasks on behalf of users—not just answer questions, but take real steps like scheduling meetings, opening support tickets, or starting trials.

Standard Actions

schedule_demo

Book a product demonstration with a sales representative.

open_ticket

Create a support ticket with full conversation context.

request_quote

Request custom pricing based on requirements.

start_trial

Initiate a free trial or sandbox environment.

Action Request

POST /mcp/actions/schedule_demo

{
  "session_id": "sess_abc123",
  "parameters": {
    "preferred_times": [
      "2024-01-20T14:00:00Z",
      "2024-01-21T10:00:00Z"
    ],
    "timezone": "America/New_York",
    "topics": ["Salesforce integration", "Enterprise pricing"]
  }
}

Action Response

{
  "status": "scheduled",
  "confirmation": {
    "meeting_id": "mtg_xyz789",
    "datetime": "2024-01-20T14:00:00Z",
    "duration_minutes": 30,
    "calendar_link": "https://cal.acme.com/mtg_xyz789",
    "assigned_rep": {
      "name": "Sarah Chen",
      "title": "Enterprise Account Executive"
    }
  },
  "context_preserved": {
    "qualification_data": "included",
    "conversation_summary": "included"
  }
}

Tip

Actions preserve full conversation context. When a demo is scheduled, the sales rep receives the complete qualification data and conversation history.

Session Lifecycle

Sessions track the state of an interaction from initial query through action completion. They enable progressive qualification and context preservation.

Session States

Status	Description	Next Steps
`initiated`	Session created, no qualification	Ask questions or begin qualification
`qualifying`	Collecting buyer information	Answer qualification questions
`qualified`	All required data collected	Access gated content, take actions
`action_pending`	Action requested, awaiting confirmation	Confirm or modify action
`completed`	Action successfully completed	Session archived with full context

Qualification Flow

Vendors can require qualification before certain responses or actions:

// Response indicating qualification required
{
  "status": "qualification_required",
  "questions": [
    {
      "id": "company_size",
      "text": "How many employees does your company have?",
      "type": "select",
      "options": ["1-50", "51-200", "201-1000", "1000+"]
    },
    {
      "id": "use_case",
      "text": "What's your primary use case?",
      "type": "text"
    }
  ],
  "reason": "Enterprise pricing requires company information"
}

REST API

Complete REST API reference for implementing an Agentic Web endpoint.

Endpoints

Method	Endpoint	Description
`GET`	`/.well-known/mcp`	Capability manifest (public)
`POST`	`/mcp/ask`	Query vendor knowledge
`POST`	`/mcp/sessions`	Create new session
`GET`	`/mcp/sessions/:id`	Get session status
`POST`	`/mcp/sessions/:id/qualify`	Submit qualification data
`POST`	`/mcp/actions/:action`	Execute an action

Error Responses

{
  "error": {
    "code": "qualification_required",
    "message": "This information requires qualification",
    "details": {
      "required_fields": ["company_size", "use_case"]
    }
  }
}

Security

Security requirements and recommendations for Agentic Web implementations.

Transport Security

HTTPS Required: All endpoints must use TLS 1.2 or higher
Certificate Pinning: Recommended for high-security implementations
HSTS: Strict Transport Security headers should be enabled

Authentication Methods

Method	Use Case	Security Level
API Key	Simple integrations	Basic
OAuth 2.0	User-authorized access	Standard
mTLS	Enterprise/high-security	High

Data Privacy

Compliance

Vendors must clearly document data handling practices, retention policies, and compliance certifications (GDPR, CCPA, SOC2, etc.) in their capability manifest.

Glossary

Agentic Web: The ecosystem of AI-native endpoints that enable direct communication between AI agents and businesses.
Verified Response: An answer from a vendor endpoint that is cryptographically signed and can be trusted by AI agents as authoritative.
Possible Action: A task that an AI agent can complete on behalf of a user, such as scheduling a demo or opening a support ticket.
Capability Manifest: The JSON document at /.well-known/mcp that describes a vendor's agentic capabilities.
Session: A stateful interaction that tracks context, qualification status, and action history.
Qualification: The process of collecting buyer information to unlock gated content or actions.
MCP (Model Context Protocol): The underlying protocol (from Anthropic) that enables AI models to interact with external tools and data sources.