Your infrastructure, off the map.
Invisible until a person or AI agent proves they belong. A qURL opens a portal, admits them once, and closes behind them.
Open a portal, not a port.
No attack surface
Protected resources never listen on the public internet. There is nothing to scan, probe, or exploit.
How it stays unexposed →No client deployment
Recipients just open a link. No VPN app, no agent, no browser extension.
How access works →No credential sharing
Access binds to a verified identity. No passwords, API keys, or secrets change hands—so none can leak.
How identity binds →Open a portal. Watch it close.
Mint a real qURL™ right here — no signup. It admits the first verified requester, works exactly once, and dies on schedule.
https://layerv.ai/qurl/playground/demo/q3-financialsRuns live against the qURL sandbox — rate-limited per IP, public HTTPS only.
Invisible until a portal opens
- 01
Protect a private resource
Connect an app, API, file, or local service without opening permanent inbound access.
- 02
Verify the requester
Confirm the identity and permissions of the person, app, or agent asking to connect.
- 03
Open a secure portal
A qURL link opens temporary, identity-bound access for the approved requester.
When access ends, the portal closes and the resource returns to being invisible.
Your AI agents need what’s private.
MCP tells an agent how to call a tool. A portal decides whether it can connect at all. qURL gives agents time-bound, identity-bound access to private MCP servers, APIs, and internal tools — no human in the loop.
An agent can’t click through an MFA prompt or wait on an IT ticket. It can authenticate with a portal, or be denied.
- Exposed endpoints
- Shared API keys
- ngrok tunnels
- VPN plumbing
// the agent received a qURL link —
// one call opens the portal
portal, err := qurl.EnterPortal(ctx, link)
if err != nil {
return err
}
fmt.Println(portal.ResourceURL) // the resource, reachableOpen your first portal.
Protect anything with a URL — app, API, file, or service — and mint a short-lived qURL for it. Terminal, SDK, or prompt.
client, err := qurl.OpenClient()
resource, err := client.ProtectURL(ctx,
"https://dashboard.internal.acme.com")
portal, err := resource.CreatePortal(ctx,
qurl.ValidFor(time.Hour))
fmt.Println(portal.Link) // the qURL to sharequrl.link/at_abc123def456Give this qURL to the approved person or agent. The portal opens once, then closes for good — nothing to rotate, nothing to revoke.
Portals, wherever you build.
MCP
Let MCP-compatible agents create, resolve, list, and manage qURLs without custom integration code.
Open MCP integrationSDK & API
Protect resources and mint portal links from your product with the Go, TypeScript, and Python SDKs — or the REST API.
Open developer quickstartSlack
Build qURL access into Slack apps and workflows. Admins protect resources, and users request one-time access directly from a channel.
Open Slack integrationDiscord
Share files and locations through one-time qURLs inside Discord.
Open Discord integrationWe wrote the standard. Then we opened it.
LayerV is built on OpenNHP — the protocol for verifying identity before a protected resource becomes reachable, authored at the Cloud Security Alliance and published as an IETF Internet-Draft. The protocol belongs to the commons; we build the best implementation of it.
Read the spec, inspect the SDKs, or build straight from the source — every SDK is open on GitHub.
- Go
go get github.com/layervai/qurl-go/qurl - TS
npm install @layervai/qurl - Python
pip install qurl-python - REST
curl https://api.layerv.ai/v1/qurls
- 1Authenticate identity
- 2Authorize the resource
- 3Establish the private route
- 4Close the route when access ends
Leave nothing to find.
Protect a resource and open your first portal in minutes. Free tier, no credit card, no sales call — and the standard underneath is open.