# Agent Authentication — Defence Dreamers Academy

## Overview

Defence Dreamers Academy provides public educational content and private user-specific endpoints.
This document describes how agents and automated systems can discover and access our resources.

## Discovery Endpoints

| Resource | URL |
|----------|-----|
| API Catalog (RFC 9727) | https://defencedreamersacademy.com/functions/api-catalog |
| Agent Skills Index | https://defencedreamersacademy.com/functions/agent-skills-index |
| LLMS.txt Index | https://defencedreamersacademy.com/functions/llms.txt |
| Sitemap | https://defencedreamersacademy.com/functions/sitemap.xml |
| Robots.txt | https://defencedreamersacademy.com/robots.txt |
| OAuth Metadata | https://defencedreamersacademy.com/functions/oauth-protected-resource |
| MCP Server Card | https://defencedreamersacademy.com/functions/mcp-server-card |

## Public Access

All educational content, discovery endpoints, blog posts, current affairs, exam guides, and
leaderboard data are publicly accessible without authentication.

## Authentication

User-specific endpoints (dashboard, performance history, coin balance, course reservations)
require authentication via OAuth 2.0 / OpenID Connect through the Base44 auth provider.

### Supported Identity Types
- Email / Password
- Google OAuth (OpenID Connect)

### Token Acquisition
See `/functions/oauth-protected-resource` for authorization server details and supported scopes.

### Credential Types
- Bearer tokens (`Authorization: Bearer` header)
- Session cookies (for browser-based access)
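
An added example (not part of the academy's own documentation or code): one way a client could vet the document served at `/functions/oauth-protected-resource` before starting an OAuth flow, and keep the resulting bearer token on the site's own HTTPS origin. It assumes the document uses the RFC 9728 field names; the sample metadata, the `auth.example.invalid` issuer and the `profile:read` scope are constructed placeholders, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

SITE_ORIGIN = ("https", "defencedreamersacademy.com", 443)  # host taken from the page

# Constructed sample; the real document's contents are not shown on the page.
SAMPLE_METADATA = {
    "resource": "https://defencedreamersacademy.com",
    "authorization_servers": ["https://auth.example.invalid"],
    "scopes_supported": ["profile:read"],
    "bearer_methods_supported": ["header"],
}


def _origin(url):
    """Return (scheme, host, port) with the default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or {"https": 443, "http": 80}.get(scheme)
    return (scheme, (parts.hostname or "").lower(), port)


def check_metadata(meta, wanted_scopes):
    """Return (issuer, scopes) to use, or raise ValueError on an unsafe document."""
    if _origin(meta.get("resource", "")) != SITE_ORIGIN:
        raise ValueError("resource does not match the site origin")
    servers = meta.get("authorization_servers") or []
    for issuer in servers:
        parts = urlsplit(issuer)
        # An issuer must be an https URL without query or fragment.
        if parts.scheme != "https" or not parts.hostname or parts.query or parts.fragment:
            raise ValueError(f"rejected authorization server: {issuer!r}")
    if not servers:
        raise ValueError("no authorization server advertised")
    # If the field is absent, no restriction on the header method is stated.
    if "header" not in meta.get("bearer_methods_supported", ["header"]):
        raise ValueError("Authorization header bearer method not offered")
    unknown = set(wanted_scopes) - set(meta.get("scopes_supported", []))
    if unknown:
        raise ValueError(f"unsupported scopes: {sorted(unknown)}")
    return servers[0], sorted(wanted_scopes)


def bearer_headers(url, token):
    """Attach the token only to https requests for the site itself."""
    if _origin(url) != SITE_ORIGIN:
        return {}  # never leak the token to another host or over plain http
    return {"Authorization": f"Bearer {token}"}
```
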

## Agent-Specific Notes

- Respect `robots.txt` Content-Signal directives (`ai-train=no, search=yes, ai-input=no`)
- Use `Accept: text/markdown` for markdown-formatted responses where supported
- Crawl delay: 5 seconds between requests
- All `/api/` and `/functions/` paths (except discovery endpoints) are disallowed for crawling

## Registration

Agents and automated systems do not need registration for public resources.
For API access requiring user data, agents should direct users through the standard OAuth flow.
