A2A AGENT CARD
Discover Fonteum, agent-to-agent.
A2A protocol-compliant agent card hosted at /.well-known/agent.json. Five skills, JWT auth, machine-discoverable. Live and queryable now.
Supported by Google A2A Protocol
01 · QUICK START
One command. No auth required.
The agent card is public. No key required to discover capabilities. Authentication is required only at the skill-execution layer.
curl https://fonteum.com/.well-known/agent.json
02 · ANNOTATED CARD
Every field explained.
The annotated card below is what /.well-known/agent.json returns, with inline comments explaining each field.
{
// A2A spec version
"schema_version": "v0.1",
// Brand name for agent discovery surfaces
"name": "Fonteum",
// One-sentence capability summary — do not expand beyond scope
"description": "Federal healthcare data infrastructure. CMS and HHS-OIG only. Row-level provenance. FHIR R4-native.",
// Canonical URL — resolves to the public brand hub
"url": "https://fonteum.com",
"provider": {
"organization": "Fonteum, Inc.",
// Agent documentation and rate limit details live here
"url": "https://fonteum.com/for/ai-agents"
},
// CalVer — year.month.patch
"version": "2026.05.1",
// All endpoints require a signed JWT in the Authorization header
"authentication": { "type": "bearer", "scheme": "JWT" },
// Five callable skills — each maps to a FHIR or REST endpoint
"skills": [
{
"id": "npi_lookup",
"name": "NPI Lookup",
"description": "Look up a US healthcare provider by NPI."
},
{
"id": "leie_check",
"name": "LEIE Exclusion Check",
"description": "Check if an NPI is on the HHS-OIG LEIE."
},
{
"id": "facility_lookup",
"name": "Facility Lookup",
"description": "Look up a CMS-certified facility by CCN."
},
{
"id": "hcris_financials",
"name": "HCRIS Financials",
"description": "Retrieve CMS HCRIS cost-report financials for a facility."
},
{
"id": "provider_ownership",
"name": "Provider Ownership",
"description": "Retrieve SNF ownership records joined by CCN."
}
],
// Full OpenAPI spec + tutorial at /api
"documentationUrl": "https://fonteum.com/api",
// GDPR + CCPA position documented at /trust
"privacyPolicyUrl": "https://fonteum.com/trust"
}03 · FIVE SKILLS
What the agent can do.
npi_lookup
NPI Lookup
Look up a US healthcare provider by NPI. Returns FHIR R4 Practitioner resource with CMS enrollment data.
GET /api/fhir/Practitioner?identifier={npi}Source: CMS NPI Registry · JWT required
leie_check
LEIE Exclusion Check
Check if an NPI appears in the HHS-OIG List of Excluded Individuals and Entities. Monthly federal refresh, 68,055 records.
GET /api/fhir/Practitioner/{npi}/$leie-checkSource: HHS-OIG LEIE · JWT required
facility_lookup
Facility Lookup
Look up a CMS-certified healthcare facility by CMS Certification Number (CCN). Returns Organization resource with Care Compare data.
GET /api/fhir/Organization?identifier={ccn}Source: CMS POS + Care Compare · JWT required
hcris_financials
HCRIS Financials
Retrieve CMS cost-report financials for a facility. Annual data from CMS Healthcare Cost Report Information System (HCRIS). Report period and methodology version included in response.
GET /api/facilities/{ccn}/financialsSource: CMS HCRIS · JWT required
provider_ownership
Provider Ownership
Retrieve SNF ownership records joined by CCN. Returns the chain structure, affiliated entity IDs, and ownership disclosure sourced from CMS SNF All Owners.
GET /api/facilities/{ccn}/ownershipSource: CMS SNF All Owners · JWT required
04 · INTEGRATION
Copy-paste integration in Python, TypeScript, or cURL.
PYTHON
import httpx
# Fetch the agent card
card = httpx.get("https://fonteum.com/.well-known/agent.json").json()
print(card["skills"]) # List of 5 skills
# NPI lookup (requires JWT)
headers = {"Authorization": f"Bearer {YOUR_JWT}"}
provider = httpx.get(
"https://fonteum.com/api/fhir/Practitioner",
params={"identifier": "1234567890"},
headers=headers,
).json()TYPESCRIPT
import type { AgentCard } from "@/types/a2a";
// Fetch the agent card
const card: AgentCard = await fetch(
"https://fonteum.com/.well-known/agent.json"
).then((r) => r.json());
// NPI lookup (requires JWT)
const provider = await fetch(
"https://fonteum.com/api/fhir/Practitioner?identifier=1234567890",
{ headers: { Authorization: `Bearer ${jwt}` } }
).then((r) => r.json());cURL
# Fetch the agent card (no auth required) curl https://fonteum.com/.well-known/agent.json # NPI lookup (requires JWT) curl -H "Authorization: Bearer $JWT" \ "https://fonteum.com/api/fhir/Practitioner?identifier=1234567890" # LEIE exclusion check (requires JWT) curl -H "Authorization: Bearer $JWT" \ "https://fonteum.com/api/fhir/Practitioner/1234567890/\$leie-check"
05 · LIMITS + ERRORS
Rate limits and error codes.
RATE LIMITS
| Tier | Requests / min | Requests / day | Burst |
|---|---|---|---|
| Free (no JWT) | 10 | 500 | 20 |
| Pilot (JWT) | 60 | 10,000 | 120 |
| Enterprise (JWT) | 600 | Unlimited | 1,200 |
ERROR CODES
| HTTP Status | Error Code | Meaning |
|---|---|---|
| 400 | INVALID_NPI | NPI format invalid — must be 10 digits |
| 401 | JWT_MISSING | Authorization header absent or malformed |
| 403 | JWT_EXPIRED | Bearer token expired — re-issue required |
| 404 | NPI_NOT_FOUND | NPI not in CMS enrollment records |
| 429 | RATE_LIMITED | Request quota exceeded — see Retry-After header |
| 500 | UPSTREAM_ERROR | CMS source temporarily unavailable |
“The card is public. The data requires a key. That's the whole model.”