# auth.md

Bible Study API is currently a public, read-only API for source-backed Bible study over HTTP and MCP. Agents do not need to register, request OAuth tokens, or present API keys to use the public HTTP, MCP, OpenAPI, documentation, or skill endpoints.

## Agent audience

This file is for automated agents that need to decide whether authentication, registration, or credential provisioning is required before using bible.grod.es.

## Public access

- API base: https://bible.grod.es
- Documentation: https://bible.grod.es/docs
- OpenAPI: https://bible.grod.es/openapi.json
- MCP endpoint: https://bible.grod.es/mcp
- Skill: https://bible.grod.es/api/skill

## Registration

Registration is not required. Anonymous public access is supported for read-only requests.

Discovery metadata is still published so agents can make an explicit authentication decision:

- OAuth authorization server metadata: https://bible.grod.es/.well-known/oauth-authorization-server
- OAuth protected resource metadata: https://bible.grod.es/.well-known/oauth-protected-resource
- OpenID Connect discovery metadata: https://bible.grod.es/.well-known/openid-configuration

## Credential use

No credentials are issued for the current public API. If protected write or private endpoints are added later, this file and the OAuth metadata will be updated with the required registration, claim, revocation, and token flow.
