EC
← All Starter Kits
Intermediate1-2 hoursPython · Python

API Workflow Agent

1What This Kit Builds

A multi-step API workflow orchestrator with ECZ-ID identity verification at every handoff. This produces an agent that can chain API calls across systems and organisations with verified identity, circuit breakers, retry logic, and a complete audit trail that makes every handoff resolver-verifiable.

2Who It Is For

Integration teams, platform engineers, and developers building automated workflows that span multiple APIs and services. Ideal for organisations where API handoffs must be auditable, verifiable, and commercially legible across organisational boundaries.

3Why ECZ-ID Matters Here

API workflows that cross organisational boundaries are trust boundaries. ECZ-ID ensures every API call carries verified identity, every handoff is attested, and every downstream system can verify who is making the request. This transforms brittle API integrations into trusted, insurer-legible workflows.

4Architecture

Workflow Orchestrator

Manages multi-step API workflow execution with state management and error recovery.

Identity-Verified Handoffs

Every API call carries ECZ-ID identity context, enabling downstream verification at each handoff.

Circuit Breaker Engine

Prevents cascade failures with identity-aware circuit breakers that log failure context.

Retry & Backoff Manager

Intelligent retry logic with exponential backoff, maintaining identity context across retries.

Audit Trail Generator

Comprehensive logging of every API call, response, and handoff with identity anchoring.

Trust Context Propagator

Propagates verified identity context across API boundaries and service meshes.

5Build Steps Overview

1
Clone the API workflow starter
Pull the template with workflow orchestration scaffolding.
2
Install dependencies
Install the ECZ-ID SDK, HTTP client libraries, and workflow management tools.
3
Define your workflow steps
Map out the API calls, handoffs, and decision points in your workflow.
4
Configure API endpoints
Set up connections to your target APIs and services.
5
Review handoff patterns
Understand how identity verification works at each API boundary.

Trust Map

Required Passports
ECZ-ID Business PassportAgent CredentialAPI Passport
Recommended Passports
Software Supply Chain PassportCyber Resilience Passport
Relevant Packages
Agent Starter PackageAPI Trust Package
What Each Enables
ECZ-ID Business Passport: Organisation-level identity for API workflow ownership
Agent Credential: Verified orchestrator identity for workflow management
API Passport: Identity-verified handoffs at every API boundary
Cyber Resilience Passport: Security posture verification for API integrations

6TrustOps Credentialing Checkpoint

TrustOps Credentialing Checkpoint

Pause here to acquire your required ECZ-ID trust objects

This is a designed pause point in your build process. Before continuing, you need to acquire the required ECZ-ID passports and credentials from TrustOps. This midpoint credentialing approach ensures your agent is built with verified identity from the start—not bolted on after the fact.

Required Passports

  • ECZ-ID Business Passport
  • Agent Credential
  • API Passport

Recommended Passports

  • Software Supply Chain Passport
  • Cyber Resilience Passport

Relevant Packages

Agent Starter PackageAPI Trust Package

What You Must Acquire in TrustOps

ECZ-ID Business Passport
Enables: Parent identity for your organisation
Agent Credential
Enables: Verified identity for the workflow orchestrator agent
API Passport
Enables: Verified API handoffs at every workflow step
Cyber Resilience Passport (recommended)
Enables: Security posture verification for API integrations

What You Bring Back from TrustOps

Agent ECZ-ID
Workflow agent’s verified identity string
API Credential Set
ECZ-ID API keys for identity-verified handoffs
Workflow Manifest
Trust configuration for the complete workflow chain
Handoff Policy Document
Identity verification requirements for each API boundary
Continue in TrustOpsView Required ECZ-ID Package

9Return and Complete Integration

With your TrustOps credentials in hand, return here to complete the final build steps.

1
Inject workflow credentials
Add your Agent ECZ-ID and API keys to the workflow configuration.
2
Wire identity handoffs
Enable ECZ-ID identity context at every API call boundary.
3
Configure circuit breakers
Set up identity-aware circuit breakers with trust context logging.
4
Test the complete workflow
Run end-to-end workflow tests in sandbox with identity verification.
5
Validate audit trail
Confirm the complete workflow audit trail is identity-anchored.

10Verify Through Resolver

Verify workflow agent

Query the orchestrator agent’s identity through Resolver.

Trace a workflow execution

Follow a complete workflow execution through Resolver, verifying identity at each handoff.

Audit API boundaries

Verify that every API handoff carried correct identity context.

Check retry provenance

Confirm retried calls maintain identity chain continuity.

Verify with Resolver

11Deploy Anywhere

ECZ-ID-backed agents are portable. Your verified identity travels with your agent regardless of deployment target. No vendor lock-in.

Cloud Functions (AWS Lambda, GCP Functions, Azure Functions)
Container orchestration (ECS, Cloud Run, AKS)
Self-hosted workflow engines
Kubernetes with Argo/Temporal
Service mesh deployments
Event-driven architectures

12Limits & Non-Claims

  • This kit does not provision ECZ-ID credentials. All credentialing happens through TrustOps.
  • This kit does not provide access to target APIs. API relationships are separate.
  • Identity verification requires cooperation from downstream API providers or proxies.
  • Circuit breaker thresholds are configurable but not auto-tuned.
  • Audit trails are only as complete as the identity hooks configured at each step.

Ready to Build This Agent?

Start with the build steps above, credential through TrustOps, and deploy your resolver-verifiable agent anywhere.

Continue in TrustOpsView All Starter Kits