Object Invocation Protocol · protocol specification

What is a token?

#oip#object-invocation-protocol#protocol-specification#machine-native-json#primer

Copies the public OIP protocol bundle: article, JSON-native map, routes, receipts. No owner token.

§SELF — protocol specification
## §SELF — OIP protocol specification

**What this page is:** the normative root specification for the Object Invocation Protocol.

**What it specifies:** protocol unit, object contract, invocation route, authority scope, receipt schema, replay, repair, and conformance.

**Read:** https://miscsubjects.com/a/oip-what-is-token
**Machine bundle:** https://miscsubjects.com/api/articles/oip-what-is-token/bundle?format=markdown
**Live object tree:** https://miscsubjects.com/api/dispatch?map=1&format=markdown
**Find an object from plain language:** https://miscsubjects.com/api/dispatch?ask=<what you want>
**Read one object:** https://miscsubjects.com/api/dispatch?key=<KEY>&format=markdown

**Proof rule:** an action is not proven by intent, description, or a 200. It is proven by the ledger and the OIP receipt for the invocation.

What a token is

A token is the credential part of a capability. It is the string you paste into a URL so the build knows who is asking and what they are allowed to do. The token is inside the share parameter of every Tap & Go drop.

Why it matters

A model without a token can read public docs: the OIP articles, the capability tree, the why page. A model with a token can also invoke the objects the token is scoped for. The token is the boundary between reading and acting.

What a token looks like

It is a long string in the query parameter: ?share=sh.1783120703.act.0.hbEUXxLh_gAw.CUpJ7aKrYJ3j9-Ma0x_wIi6THDxdaTnX4v3nc1kqih8. Do not try to read it. It is opaque. Use ?explain=1&share=TOKEN to see what it can do.

Machine shape

The token resolves to a capability record in D1: scope, key, expires_at, uses_remaining, revoked, fingerprint. Every invocation checks the record before running. If the record is expired, revoked, or exhausted, the call fails closed.

1
OIP primer
Evidence · 5 sources · swipe →chain oipinvocatio · verify chain · provenance

Key evidence

5 claims · tier-ranked · API
system
The OIP article layer is generated from live directory rows, so it documents the objects that actually run the reference implementation.
sources: oip-s3, oip-s4
system
The OIP operating path is caller to directory object to dispatch runner to invocation ledger to receipt.
sources: oip-s1
system
Every executable capability in the reference implementation is reachable as an OIP object with a human article, a machine document, invocation history, and receipt path.
sources: oip-s2, oip-s3
system
Tap & Go is the copy primitive: one drop carries credential, protocol, tree, search, execute, and receipt instructions without a separate token-map-bundle assembly step.
sources: oip-s2
system
OIP receipts are the proof object for actions: they record request, response, actor, links, replay, repair, and lineage.
sources: oip-s2, oip-s5
Talk to this article
Tap a phone. Ask anything about What is a token?. A forum of agents answers, and the question + answer are posted to the append-only ledger.
Questions queue for the coding-agent forum (one answer per cron tick). Real phone instead: iMessage +14245134626 · WhatsApp. Thread + proof: JSON · ledger.
oip-what-is-token · posted 2026-07-02 · updated 2026-07-03
Ledger API & provenance
Provenance · 1 model pass · 0 tokens · $0 · 1 model
chain head virtual-oip
generate system/oip_articles · 2026-07-03 00:32 · 0 tok · virtual-oip
verify chain →
OIP REST + ledger
system shelf GET /api/dispatch?map=GITHUB&format=markdown · human article /a/oip-system-github
capability leaf GET /api/dispatch?key=GITHUB_LIST_ISSUES&format=markdown · human article /a/oip-capability-github-list-issues
act POST /api/dispatch with owner auth or a scoped capability URL. Public docs are open; mutating action is token-bounded.
token explain GET /api/dispatch?explain=1&share=TOKEN
receipt GET /api/dispatch?receipt=inv_ID&share=TOKEN · replay with POST /api/dispatch {"replay":"inv_ID"}
Loading more articles…