{"issuer":"https://api.menciona.ai","authorization_endpoint":"https://api.menciona.ai/authorize","token_endpoint":"https://api.menciona.ai/token","registration_endpoint":"https://api.menciona.ai/register","revocation_endpoint":"https://api.menciona.ai/revoke","scopes_supported":["read","read_write","offline_access"],"response_types_supported":["code"],"grant_types_supported":["authorization_code","refresh_token"],"code_challenge_methods_supported":["S256"],"token_endpoint_auth_methods_supported":["none"],"agent_auth":{"skill":"https://menciona.ai/auth.md","register_uri":"https://app.menciona.ai/api/acp/checkout_sessions","registration_flow":"acp_checkout_complete","identity_types_supported":["anonymous","identified"],"credential_types_supported":["api_key"],"credential_format":"Long-lived bearer API key, prefix \"menciona_\". No expiry; valid until revoked. Not an OAuth token (no expires_in / refresh_token).","credential_issued_at":"checkout_complete","checkout_session_endpoint":"https://app.menciona.ai/api/acp/checkout_sessions","feed_endpoint":"https://app.menciona.ai/api/acp/feed","revocation_uri":"https://app.menciona.ai","account_claim_uri":"https://app.menciona.ai/signup","note":"The operating credential is a long-lived API key (menciona_…) issued atomically by POST /api/acp/checkout_sessions/{id}/complete. There is no standalone registration step — account creation, subscription, and key issuance happen in one call. Revoke by deleting the key in the dashboard; reclaim an anonymous workspace via password reset if a real email was used at checkout. See https://menciona.ai/auth.md §Option C for the full recipe."}}