# Caboo Gateway auth.md Caboo Gateway publishes machine-readable service and booking discovery for local businesses. Today, agents can read public profiles, service catalogs, booking options, and policy surfaces without a Caboo-issued credential. Verified booking credentials are available for the user-claimed email OTP ceremony. The credential flow is intended for opted-in Act profiles that require buyer or patient verification before a booking write. ## 1. Discover - Protected Resource Metadata: https://app.getcaboo.com/.well-known/oauth-protected-resource - Authorization Server metadata: https://app.getcaboo.com/.well-known/oauth-authorization-server - Prose companion: https://app.getcaboo.com/auth.md The Protected Resource Metadata is the runtime source of truth. If this file and the metadata disagree, follow the metadata. ## 2. Current capability - `act.read`: public read access for Caboo Gateway profiles, services, booking options, availability surfaces, and policy copy. - `act.book`: issued only after the buyer/patient completes the user-claimed email OTP ceremony. ## 3. Credential flows Caboo supports user-claimed, email-required OTP for buyer or patient verification. `/agent/auth` accepts a verified buyer email registration, sends an OTP through Caboo email infrastructure, and issues a short-lived bearer credential only after `/agent/auth/claim/complete` succeeds. Caboo does not currently support managed agent-provider identity assertions. That research track is deferred until agent providers can mint suitable assertions for Caboo's audience and a real pilot needs the lower-friction flow. ## 4. Use without a Caboo credential Agents may continue to use public Act discovery routes and normal booking links where a profile exposes them. If a future opted-in profile requires verified booking, Caboo will return a 401 response with a `WWW-Authenticate` discovery hint and instructions for the active credential ceremony. ## 5. Policies and support - Terms: https://app.getcaboo.com/terms - Privacy: https://app.getcaboo.com/privacy - Integration support: mailto:support@getcaboo.com