# PodHood agent authentication

> Short version: reading published content needs no credentials at all. There is no OAuth server, no API key issuance, and no register_uri — anonymous access is the supported method for the entire public read surface.

## Discover

The public surface is the REST API described by the [OpenAPI spec](https://podhood.com/openapi.json) (base path `/api/v1`) and each channel's MCP server at `https://<channel>.podhood.com/mcp` (Streamable HTTP). Neither publishes RFC 9728 protected-resource metadata or an `agent_auth` block, because there is no protected resource to negotiate: published episodes are world-readable by design.

## Pick a method

Use **anonymous** access. Send plain requests with no Authorization header. On the documented public surface, requests never receive a 401 with a `WWW-Authenticate` challenge — an unknown or unpublished resource is a JSON 404, indistinguishable from nonexistence. (Undocumented session-gated routes exist under /api for the product’s own UI; they are not part of this contract.)

## Register / Claim

Not applicable. There is no `register_uri`, `claim_uri`, or `identity_assertion` flow. Creator accounts (for connecting and managing a channel) are human sign-in only at this time — agents cannot self-provision credentials, and no endpoint accepts them.

## Use the credential

There is none to use. Call the endpoints directly:

```sh
curl "https://podhood.com/api/v1/channels/{slug}/search?query=your%20question"
```

## Errors

Errors are always JSON of the shape `{ "error": "message" }` — never HTML. Published episodes are anonymously readable; unpublished ones 404.

## Revocation

Not applicable — no credentials exist to revoke. A creator unpublishing an episode removes it from every surface (pages, search, MCP) at once.

## Related

- [Developer & agent guide](https://podhood.com/developers)
- [OpenAPI spec](https://podhood.com/openapi.json)
