Power Platform
A custom connector so Power Automate flows and Logic Apps can verify — and govern — real agent identities, with zero code and zero infrastructure.
The pain
Your Power Automate flow just received a webhook from something claiming to be an autonomous agent. Maybe it's an approval callback, maybe it's a payment trigger, maybe it's a step in a multi-agent pipeline built in Copilot Studio. The trigger carries a source IP. You have no low-code way to answer the only question that matters — is this a real, currently-provisioned agent, or a spoofed request from anywhere on the internet? — without dropping into an Azure Function, wiring up raw HTTP actions with hand-built headers, and parsing whatever comes back. Multiply that by every flow that touches agent traffic, and you've built the same bespoke verification action a dozen times, none of them consistent, none of them getting the DNSSEC/DANE chain right, and none of them able to actually provision or shut down the agent when you find a problem.
Whisper closes that gap with one thing: a proper Power Platform custom connector — an Independent Publisher connector, Whisper Agent Identity — that gives every flow a native action for identity verification, and, if you supply an API key, native actions to register, list, police, and revoke agents. No Azure Function, no raw HTTP action, no hand-rolled header. Drag the action into the canvas, fill in two fields, done.
The standard underneath: what "verifying an agent" actually checks
Whisper agent addresses are real, routable IPv6 /128s allocated out of 2a04:2a01::/32 (announced by AS219419). "Is this address a real Whisper agent" is not a lookup in a proprietary table — it's a chain of open, independently-checkable steps, all run server-side for you by the keyless verification endpoint:
- Reverse DNS (PTR) — the address reverse-resolves to a canonical name like
acef2002a323d40d4.<tenant>.agents.whisper.online(reverse DNS per RFC 1035, with IPv6ip6.arpadelegation per RFC 3596). - Forward-confirming reverse DNS (FCrDNS) — resolving that PTR name's
AAAArecord must round-trip back to the original address, so a PTR alone (which anyone can point anywhere) proves nothing without this forward check. - DANE-TLSA pin (RFC 6698) — a
TLSArecord under the agent's name pins its TLS certificate (3 1 1= DANE-EE, SHA-256 of the SPKI), so the name can't be MITM'd even if a CA is compromised. - Signed identity document — an ES256-signed JWS binding the address, the hostname and the issuing tenant, checkable against Whisper's published fleet key.
The keyless endpoint runs all four steps and returns one verdict — is_whisper_agent, dane_ok, jws_ok, plus the supporting evidence — so a flow author never has to orchestrate the chain by hand. Full mechanism: /docs/verifiable-identity and /docs/dane.
The raw HTTP calls the connector wraps
Every keyless operation is one plain HTTPS request — you could reproduce all of this in a flow with raw HTTP actions and manual JSON parsing, which is exactly the boilerplate the connector removes.
# Verify identity end-to-end (PTR + FCrDNS + DANE + signed doc)
GET https://rdap.whisper.online/verify-identity?ip=2a04:2a01:eb5a:ca74:cef2:2a:323d:40d4
# { "is_whisper_agent": true, "fqdn": "acef2002a323d40d4.<tenant>.agents.whisper.online",
# "dane_ok": true, "jws_ok": true, ... }
# The RDAP record (RFC 9083)
GET https://rdap.whisper.online/ip/2a04:2a01:eb5a:ca74:cef2:2a:323d:40d4
# Register / list / revoke (the control plane) — one Cypher verb over HTTPS
POST https://graph.whisper.security/api/query # header: X-API-Key: whisper_live_xxx
{ "query": "CALL whisper.agents({op:'register', args:{label:'invoice-bot'}})" }
The full terminal walk (with dig/openssl) is on Verify an agent — but in Power Automate you never leave the flow.
With Whisper: the custom connector
The connector ships as an Independent Publisher connector — Whisper Agent Identity — importable straight from the swagger definition, or (once merged) discoverable in the Power Platform connector gallery like any first-party connector. The connector package is a swagger/OpenAPI definition plus its connection properties, importable straight into Power Platform; the Independent Publisher submission is pending review.
One connection, two tiers
There is exactly one connection parameter: Whisper API key (securestring, optional). Per Postel's Law — be liberal in what you accept — the connector works with it blank:
| No key | With key | |
|---|---|---|
| Verify agent identity | ✅ | ✅ |
| RDAP lookup | ✅ | ✅ |
| Transparency log | ✅ | ✅ |
| Inbound lookups | ✅ | ✅ |
| Register / List / Set policy / Logs / Revoke | 400, clear error | ✅ |
Under the hood the key is attached only to the five control operations, via a header policy that fires exclusively on those operation IDs — the four keyless actions never see it and never need it. An anonymous call to a control action doesn't 500; it comes back as a clean, structured error: "anonymous callers cannot use the agent control plane — an attributable API key is required." That's the Robustness Principle showing up as a design decision, not a slogan: the connector is strict about what it emits (a typed, documented, RFC-conformant reply) and permissive about what it accepts (key or no key, same connector, same actions visible).
The nine actions
Keyless, served from rdap.whisper.online:
| Action | What it returns |
|---|---|
| Verify agent identity | One verdict: is_whisper_agent, fqdn, dane_ok, jws_ok, evidence. |
| RDAP lookup for an agent address | Full RFC 9083 IP-network object. |
| Get identity transparency log | Hash-chained, ES256-signed issuance/revocation events. |
| Get inbound identity lookups | k-anonymised feed of who has resolved/queried this agent's name. |
Control, served from the Whisper control plane (graph.whisper.security), require the key:
| Action | What it does |
|---|---|
| Register a new agent | Mints a fresh /128 + agent API key (op:register), returned once. |
| List your agents | Your fleet, scoped to your tenant (op:list). |
| Set resolver policy | Per-tenant DNS allow/deny + list policy (op:policy). |
| Get activity logs | Recent DNS / connection / allocation activity (op:logs). |
| Revoke an agent | Irreversibly withdraws the /128, PTR, tokens, key (op:revoke). |
Each control action carries a query field pre-filled with the exact whisper.agents Cypher CALL for that operation — you edit the values inside args (the label, the policy lists, the agent id) directly in the flow designer; the connector POSTs {"query": ...} to the control plane verbatim. This is a deliberate design choice: rather than reinvent a bespoke schema per action, the connector exposes the same control verb documented in /docs/control-plane, so what you learn in Power Automate transfers directly to the CLI and every other SDK.
A flow: verify on trigger, revoke on failure
A minimal but real flow — an HTTP-trigger flow that gates on agent identity before doing anything else:
- Trigger — When an HTTP request is received, body includes
source_ip. - Action —
Whisper Agent Identity→ Verify agent identity,ip = triggerBody()?['source_ip']. - Condition —
is_whisper_agent == trueanddane_ok == true. - Yes → continue the business flow (e.g. approve the payment). - No →Whisper Agent Identity→ Revoke an agent (if you provisioned it) or route to a Teams/email alert with thedetailfield from the verdict.
Swap step 2 for RDAP lookup if you only need the registrant/country/status fields, or add Get inbound identity lookups as a scheduled flow to build a lightweight per-agent access dashboard entirely inside Power BI, fed by a Power Automate recurrence trigger — no separate ETL job.
Installing it
Until the connector lands in the shared gallery, import it as a custom connector from the swagger definition:
- Power Automate → Data → Custom connectors → New custom connector → Import an OpenAPI file.
- Upload the connector's
apiDefinition.swagger.json(hostrdap.whisper.online, five control operations dynamically re-hosted tograph.whisper.security). - Create a connection; paste your
whisper_live_...key if you want the control actions, or leave it blank for keyless-only. - Test each action from the connector's Test tab before wiring it into a flow.
No connector icon ships with an Independent Publisher submission — Power Platform convention. The connector's brand colour (#7a40ff) is set instead so it's recognisable in the action picker.
Related integrations
If your automation platform is Dify rather than Power Platform, the same two-tier keyless/keyed model ships as a Dify plugin — see /docs/integrations for the full no-code matrix (n8n, Zapier, Make, Pipedream, Dify, Power Platform). All of them call the identical public endpoints and the identical whisper.agents control verb described here — there is one control plane, not six.
Next: Verifiable identity for the full verification-chain mechanism, or Control plane for every whisper.agents operation the control actions map to.