Skip to content
For developers

An open licensing spec built on standards you already know.

OpenRSL is an open spec using standards you already know: robots.txt, RSL, OLP, CAP. Self-host the validator, ship your own implementation, or talk to the reference servers.

The open-source repository has the spec, reference libraries, a reference OLP token server, and end-to-end examples. For deeper context, including implementation decisions, design notes, and the project development history, you can request access to the OpenRSL internal repository.

Adding OpenRSL to your website is simple and fast. Once your site and pages are configured as a set of data assets ready for licensing, you will be in full control of how AI can use those data assets.

Three levels

Implement as much as you need.

The spec layers into three levels that build on each other. Ship Level 1 to put your terms on the record, then add accountability and settlement when you’re ready. One standard throughout.

LEVEL 1 · RSL BASIC

Declare your terms

Publish an rsl.xml manifest of allowed uses and prices. Crawlers can read it; nothing is enforced yet, but your terms are on the public record. No backend to run.

LEVEL 2 · AUDITABLE

Make it accountable

Add the OLP token server, self-hosted or via PDS. Crawlers must accept your terms and present a signed ticket for the use they intend, so every request leaves an auditable trail.

LEVEL 3 · SETTLEMENT

Get paid

Connect a payment backend such as Stripe through the pluggable adapter. Every licensed use settles automatically and issues a receipt.

Quickstart

Run the local OLP server.

Clone the reference implementation, start the OLP server with the mock payment provider, then verify the JWKS endpoint. This is the first successful loop.

terminal 1
git clone https://github.com/openrsl/openrsl.git
cd openrsl/olp-server
npm ci --ignore-scripts
npx tsc
PAYMENT_PROVIDER=mock node dist/index.js
terminal 2
curl http://localhost:3000/key

Success is a JWKS response with one ES256 key. Keep the server running while you try the crawler or publisher examples.

Next
  • Crawler demo
    Request a ticket and confirm the CAP header is sent. With the mock server, the content fetch ends in the expected 404.
    Run →
  • TypeScript publisher
    Serve a real gated route: unauthenticated requests get 403, licensed requests get 200.
    Run →
  • Protocol overview
    Read the RSL, OLP, and CAP concepts after the local server is working.
    Read →
Spec

The three moving parts.

rsl.xml

The manifest. Declares which assets are licensed, what types of use are permitted, and the price. Key fields: asset uri, license type (valid values: ai-train, ai-summarize, ai-cite, ai-inference), price currency, unit (valid values: per-token, per-request, per-article), contact.

OLP

Open Licensing Protocol. The token endpoint. A crawler POSTs to /token with intent and asset params and receives a signed ticket. Verify a ticket with GET /introspect.

CAP

Content Authorization Protocol. How the ticket is presented. The crawler attaches Authorization: License {ticket-id} to its content request. The server validates and logs it.

Errors

What the server says when something is wrong.

error responses
402  Payment Required  // license exists, no valid ticket presented
403  Forbidden            // this license type is not available
404  Not Found            // asset not in manifest
401  Unauthorized         // ticket presented but invalid or expired
{ "error": "ticket_invalid", "message": "Ticket a91f2c has expired.", "asset": "/article/the-old-deal" }
Conformance

Test your implementation.

A conformance test suite is in development in the repository under spec/. It covers manifest validation, OLP token flow, and CAP header verification.

View the spec directory on GitHub
Changelog

What has changed.

v0.1-alpha

Initial reference implementation. Python, PHP, and TypeScript libraries. OLP server. End-to-end demos in each language under /examples.