Skip to main content
NewMythos ready in minutes

Your infrastructure, off the map.

Invisible until a person or AI agent proves they belong. A qURL opens a portal, admits them once, and closes behind them.

Open a portal, not a port.

Secure

No attack surface

Protected resources never listen on the public internet. There is nothing to scan, probe, or exploit.

How it stays unexposed
Easy

No client deployment

Recipients just open a link. No VPN app, no agent, no browser extension.

How access works
Private

No credential sharing

Access binds to a verified identity. No passwords, API keys, or secrets change hands—so none can leak.

How identity binds

Open a portal. Watch it close.

Mint a real qURL™ right here — no signup. It admits the first verified requester, works exactly once, and dies on schedule.

Resource to protecthttps://layerv.ai/qurl/playground/demo/q3-financials

Runs live against the qURL sandbox — rate-limited per IP, public HTTPS only.

Invisible until a portal opens

  1. 01

    Protect a private resource

    Connect an app, API, file, or local service without opening permanent inbound access.

  2. 02

    Verify the requester

    Confirm the identity and permissions of the person, app, or agent asking to connect.

  3. 03

    Open a secure portal

    A qURL link opens temporary, identity-bound access for the approved requester.

When access ends, the portal closes and the resource returns to being invisible.

Your AI agents need what’s private.

MCP tells an agent how to call a tool. A portal decides whether it can connect at all. qURL gives agents time-bound, identity-bound access to private MCP servers, APIs, and internal tools — no human in the loop.

An agent can’t click through an MFA prompt or wait on an IT ticket. It can authenticate with a portal, or be denied.

  • Exposed endpoints
  • Shared API keys
  • ngrok tunnels
  • VPN plumbing
The agent side is one call
// the agent received a qURL link —
// one call opens the portal
portal, err := qurl.EnterPortal(ctx, link)
if err != nil {
    return err
}

fmt.Println(portal.ResourceURL) // the resource, reachable

Open your first portal.

Protect anything with a URL — app, API, file, or service — and mint a short-lived qURL for it. Terminal, SDK, or prompt.

client, err := qurl.OpenClient()

resource, err := client.ProtectURL(ctx,
    "https://dashboard.internal.acme.com")

portal, err := resource.CreatePortal(ctx,
    qurl.ValidFor(time.Hour))

fmt.Println(portal.Link) // the qURL to share
Your portal link
qurl.link/at_abc123def456
  • One-time use
  • Available for 1 hour
  • For the approved requester
  • Expires automatically

Give this qURL to the approved person or agent. The portal opens once, then closes for good — nothing to rotate, nothing to revoke.

We wrote the standard. Then we opened it.

LayerV is built on OpenNHP — the protocol for verifying identity before a protected resource becomes reachable, authored at the Cloud Security Alliance and published as an IETF Internet-Draft. The protocol belongs to the commons; we build the best implementation of it.

Read the spec, inspect the SDKs, or build straight from the source — every SDK is open on GitHub.

  • Gogo get github.com/layervai/qurl-go/qurl
  • TSnpm install @layervai/qurl
  • Pythonpip install qurl-python
  • RESTcurl https://api.layerv.ai/v1/qurls
OpenNHP
  1. 1Authenticate identity
  2. 2Authorize the resource
  3. 3Establish the private route
  4. 4Close the route when access ends
13.8k stars on GitHub

Leave nothing to find.

Protect a resource and open your first portal in minutes. Free tier, no credit card, no sales call — and the standard underneath is open.