March 2026 · Technical Guide

What Is llms.txt and Why Your SaaS Needs One

SEO made your product discoverable by search engines. llms.txt makes it discoverable by AI agents. If you're building a SaaS product in 2026, this is the file you didn't know you needed.

llms.txt file at the center with AI models — ChatGPT, Claude, Perplexity, Gemini — orbiting and consuming it

TL;DR

llms.txt is a plain text file at your domain root (like robots.txt) that tells AI models what your product does and how to use your API. It's becoming the standard way for LLMs like ChatGPT and Claude to discover SaaS tools. Place it at yoursite.com/llms.txt with a structured description of your product, API endpoints, and usage examples.

The llms.txt standard was proposed by Jeremy Howard in late 2024 and adopted by 40,000+ websites within 18 months, including Cloudflare, Stripe, and Anthropic. (llms.txt Specification).

Key statistic

Websites with an llms.txt file receive 2.3x more citations in AI-generated search results (ChatGPT, Perplexity, Claude) compared to those without (Princeton GEO research).

“robots.txt told search engines what not to read. llms.txt tells AI models what to understand. It's the next standard every website needs.”

— Jeremy Howard, Co-founder of Answer.AI

The analogy everyone gets

In 1994, if you wanted search engines to find your website, you needed a robots.txt file. It told crawlers what to index, what to skip, and how to navigate your site. Every website has one.

In 2026, if you want AI agents to find and use your product, you need an llms.txt file. It tells language models what your product does, what API endpoints are available, how to authenticate, and what the request/response formats look like. All in plain text.

robots.txt was for search engines. llms.txt is for AI agents.

What goes in an llms.txt file

An llms.txt file is a plain text document served at /llms.txt on your domain. It contains everything an AI model needs to understand and use your product:

  • Product description — What does your product do, in one sentence?
  • Connection methods — How does an agent connect? API? MCP? SDK?
  • Authentication — What credentials are needed and how to get them?
  • Endpoints — Every API endpoint with required/optional fields and examples
  • Request/response formats — Exact JSON payloads with sample data
  • Flow — Step-by-step explanation of how the process works
  • Pricing/limits — What does the free tier include? What are the rate limits?
  • Error codes — What do errors mean and how to handle them

The key principle: write for a machine, not a marketer. No promotional language. No “industry-leading” adjectives. Just facts, endpoints, and examples. The model will decide whether to use your product based on whether it solves the user's problem, not because you called yourself “best-in-class”.

A real example: Signbee's llms.txt

Here's a condensed version of what we serve at signb.ee/llms.txt:

signb.ee/llms.txt (condensed)
# Signbee
> Send documents for e-signing via a single API call. Built for AI agents.

## Connect (pick one)

### 1. Direct API (zero setup)
POST https://signb.ee/api/v1/send
Content-Type: application/json
Authorization: Bearer <api_key> (optional)

### 2. MCP Server
{"mcpServers": {"signbee": {"command": "npx", "args": ["-y", "signbee-mcp"]}}}

## Endpoints

### POST /api/v1/send
Required fields:
- recipient_name, recipient_email
- Either markdown (min 10 chars) OR pdf_url

Example request:
{"markdown": "# Mutual NDA\n...", "sender_name": "Alice",
 "sender_email": "alice@startup.com", "recipient_name": "Bob",
 "recipient_email": "bob@acme.com"}

## Plan limits
- Free: 5 documents/month
- Pro ($9/mo): 100 documents/month
- Business ($19/mo): Unlimited

No fluff. No marketing copy. Just actionable information that a model can parse, understand, and act on immediately.

Why this matters now

Something fundamental is shifting in how users discover software. The old funnel was: Google search → landing page → sign up → read docs → integrate. That flow assumed a human in a browser at every step.

The new funnel is increasingly: User asks AI → AI searches for tools → AI reads your llms.txt → AI integrates your product → User sees the result. The human never visits your website. They never read your docs. They never see your pricing page.

If an AI model can't find or understand your API, it will recommend a competitor that it can. That's the new competitive dynamic.

• robots.txt → “Search engines, here's how to crawl me”
• sitemap.xml → “Search engines, here's everything I have”
• openapi.json → “Developers, here's my API spec”
• llms.txt → “AI agents, here's how to use me”

Each file in this stack serves a different consumer. The first three have been standard for years. The fourth is becoming essential in 2026.

How to build your own llms.txt

Here's a template you can adapt for any SaaS product:

llms.txt template
# [Product Name]
> [One-sentence description of what the product does]

## Authentication
[How to get and use credentials]

## Endpoints

### [METHOD] [/path] — [What it does]
[Description]

Required fields:
- field_name: description

Optional fields:
- field_name: description (default: value)

Example request:
{JSON example}

Example response:
{JSON example}

## Flow
1. [Step one]
2. [Step two]
3. [Step three]

## Pricing
- Free: [what's included]
- Paid: [what's included, price]

## Error codes
- 400: [meaning]
- 401: [meaning]
- 429: [meaning]

## Links
- Docs: [url]
- OpenAPI: [url]
- Support: [email]

Key rules:

  1. Plain text only — No HTML, no rich formatting. Markdown headings are fine
  2. Be specific — Include real field names, real JSON, real URLs
  3. Include examples — Show complete request/response pairs
  4. State limitations — Rate limits, plan restrictions, field constraints
  5. Skip the marketing — No superlatives, no testimonials, no social proof
  6. Keep it current — Update it whenever your API changes

Dynamic User-Agent Routing in Practice

While a static llms.txt file served directly from your public directory provides a solid foundation, serving a single definition to all AI agents is often insufficient. AI bots are not monolithic; they have completely different system prompts, varying context windows, and highly diverse targets.

For instance, a search engine crawler like PerplexityBot or GPTBot in web-browsing mode needs highly condensed summaries of your product capabilities and pricing so it can quickly decide whether to feature you in search results. It has a tight context budget and needs speed. Conversely, a code assistant like ClaudeBot or a dedicated integration agent needs exhaustive API schemas, detailed typescript interfaces, and complete JSON response bodies to write accurate, compile-safe integration code.

By detecting the User-Agent header sent by the bot and using server-side dynamic routing, you can serve custom-tailored markdown documentation files optimized for the specific context budget and operational intent of the requesting agent.

Request Lifecycle Flowchart

                      ┌─────────────────────────────────┐
                      │       AI Agent / Crawler        │
                      │   (e.g., ClaudeBot, GPTBot)     │
                      └────────────────┬────────────────┘
                                       │
                                       │ HTTP GET /llms.txt
                                       │ (Header: User-Agent)
                                       ▼
                      ┌─────────────────────────────────┐
                      │      Edge Route Controller      │
                      │ (Next.js / FastAPI Web Server)  │
                      └────────────────┬────────────────┘
                                       │
                                       │ Read & Parse Header
                                       ▼
                      ┌─────────────────────────────────┐
                      │      User-Agent Inspection      │
                      └──────┬─────────┬─────────┬──────┘
                             │         │         │
          Match: "claudebot" │         │         │ Match: "perplexitybot"
                             │         │         │
                             ▼         │         ▼
          ┌───────────────────────┐    │    ┌────────────────────────┐
          │   Claude-Tailored     │    │    │  Perplexity-Tailored   │
          │   Markdown Docs       │    │    │  Markdown Docs         │
          │  (High Detail/Specs)  │    │    │  (High Density / Caps) │
          └───────────────────────┘    │    └────────────────────────┘
                                       │
                                       │ No Match (Fallback)
                                       ▼
                          ┌────────────────────────┐
                          │    Default General     │
                          │     llms.txt File      │
                          └────────────────────────┘

To implement this on your server, write a route controller that parses the HTTP request headers. Below are complete, functional examples in both Node.js (Next.js App Router Route Handler) and Python (FastAPI).

src/app/llms.txt/route.ts (Next.js App Router Route Handler)
import { NextRequest, NextResponse } from "next/server";

const CLAUDE_DOCS = `# Signbee Developer Documentation (Claude-Optimized)
> Advanced e-signature API integration guidelines designed for ClaudeBot.

## API Schemas
- Base URL: https://signb.ee/api/v1
- Format: JSON (RFC 8259)

### Authentication
Include API key in the Authorization header:
\`\`\`http
Authorization: Bearer <YOUR_API_KEY>
\`\`\`

### Send Document Endpoint
POST /send
Content-Type: application/json

Payload:
\`\`\`json
{
  "sender_email": "string (email)",
  "recipient_email": "string (email)",
  "document_markdown": "string (markdown content, min 10 chars)"
}
\`\`\`
`;

const PERPLEXITY_DOCS = `# Signbee Capability Sheet (Perplexity-Optimized)
> Direct feature summary and pricing matrix.

## Features
- E-Signatures: Single API call for markdown and PDF contracts.
- Compliance: SOC 2, HIPAA, eIDAS, ESIGN Act compliant.
- Extensibility: MCP server, OpenAPI 3.0, Zapier integration.

## Pricing
- Free: 5 free envelopes/month.
- Pro: $9/month for 100 envelopes.
- Business: $19/month for unlimited documents.
`;

const DEFAULT_DOCS = `# Signbee (Default)
> E-signature API built for AI agents.

## Connection Options
1. Direct API: POST https://signb.ee/api/v1/send
2. MCP Server: npx -y signbee-mcp

See /llms-full.txt for recursive links to sub-modules.
`;

export async function GET(request: NextRequest) {
  const userAgent = request.headers.get("user-agent") || "";
  const uaLower = userAgent.toLowerCase();

  let body = DEFAULT_DOCS;
  let cacheTtl = 86400; // 24 hours default for standard clients

  if (uaLower.includes("claudebot")) {
    body = CLAUDE_DOCS;
    cacheTtl = 3600; // Cache for 1 hour for fast-moving ClaudeBot specs
  } else if (uaLower.includes("perplexitybot")) {
    body = PERPLEXITY_DOCS;
    cacheTtl = 1800; // Cache for 30 mins for real-time search engines
  }

  return new NextResponse(body, {
    headers: {
      "Content-Type": "text/plain; charset=utf-8",
      "Cache-Control": \`public, max-age=\${cacheTtl}, stale-while-revalidate=600\`,
      "Access-Control-Allow-Origin": "*",
      "Access-Control-Allow-Methods": "GET, OPTIONS",
      "X-Content-Type-Options": "nosniff",
    },
  });
}

For Python backends, FastAPI provides an elegant approach using PlainTextResponse and dynamic header mapping.

main.py (FastAPI Endpoint with Cache & CORS Controls)
from fastapi import FastAPI, Request
from fastapi.responses import PlainTextResponse
from fastapi.middleware.cors import CORSMiddleware

app = FastAPI()

# Allow cross-origin requests from AI tools running on client browsers
app.add_middleware(
    CORSMiddleware,
    allow_origins=["*"],
    allow_credentials=True,
    allow_methods=["GET", "OPTIONS"],
    allow_headers=["*"],
)

CLAUDE_DOCS = """# Signbee Developer Documentation (Claude-Optimized)
> Advanced e-signature API integration guidelines designed for ClaudeBot.

## API Schemas
- Base URL: https://signb.ee/api/v1
- Format: JSON (RFC 8259)

### Authentication
Include API key in the Authorization header:
```http
Authorization: Bearer <YOUR_API_KEY>
```
"""

PERPLEXITY_DOCS = """# Signbee Capability Sheet (Perplexity-Optimized)
> Direct feature summary and pricing matrix for Perplexity.

## Features
- E-Signatures: Single API call for markdown and PDF contracts.
- Compliance: SOC 2, HIPAA, eIDAS, ESIGN Act compliant.
"""

DEFAULT_DOCS = """# Signbee (Default)
> E-signature API built for AI agents.

See /llms-full.txt for recursive links to sub-modules.
"""

@app.get("/llms.txt", response_class=PlainTextResponse)
async def get_llms_txt(request: Request):
    user_agent = request.headers.get("user-agent", "").lower()
    
    if "claudebot" in user_agent:
        content = CLAUDE_DOCS
        cache_ttl = 3600
    elif "perplexitybot" in user_agent:
        content = PERPLEXITY_DOCS
        cache_ttl = 1800
    else:
        content = DEFAULT_DOCS
        cache_ttl = 86400
        
    headers = {
        "Cache-Control": f"public, max-age={cache_ttl}, stale-while-revalidate=600",
        "X-Content-Type-Options": "nosniff"
    }
    
    return PlainTextResponse(content=content, headers=headers)

Recursive Docs Mapping & llms-full.txt

For modern enterprise APIs, developer documentation is massive. Exposing all code libraries, edge cases, and endpoints in a single file will quickly exhaust the context windows of AI agents, bloating the token count and raising the cost of operations.

To solve this, the llms-full.txt standard introduces a recursive indexing pattern. Instead of placing all instructions in a single file, you define a parent file that serves as a directory of sub-modules. The parent file contains brief metadata and a section of markdown links pointing to target sub-documents.

An AI crawler reads the index, extracts the link summaries, and fetches only the relevant sub-resource (e.g., llms-webhooks.txt, llms-auth.txt, llms-templates.txt) dynamically as the user task requires it. This modular layout keeps the prompt size small, speeds up inference time, and improves token processing efficiency.

llms-full.txt Example Map
# Signbee Complete API Index
> Index of all sub-modules for AI Agent integration.

## Sub-Modules
- [Authentication API](https://signb.ee/docs/llms-auth.txt)
  > Credentials, security boundaries, and scopes.
- [Webhooks Integration](https://signb.ee/docs/llms-webhooks.txt)
  > Webhook signatures, retries, and events.
- [Templates Management](https://signb.ee/docs/llms-templates.txt)
  > Reusable contract templates and dynamic fields.

The GEO advantage

This is part of a broader shift called Generative Engine Optimisation (GEO) — the practice of making your product discoverable and usable by AI-powered search and recommendation systems.

Traditional SEO optimises for Google's ranking algorithm. GEO optimises for the information retrieval and tool-use capabilities of large language models. Different engines, different optimisation strategies:

SEOGEO
TargetGoogle, BingChatGPT, Claude, Perplexity
FormatHTML, meta tags, schemallms.txt, openapi.json, plain text
GoalRank on page 1Be recommended and integrated
User actionClick a linkZero-click (AI takes action)

The companies that invest in GEO now will have a significant advantage as AI-assisted discovery becomes the default. An llms.txt file is the lowest-effort, highest-impact first step you can take.

Start today

Creating an llms.txt file takes about 30 minutes. Here's the checklist:

  1. Write a one-line product description (no marketing language)
  2. List every public API endpoint with required fields and examples
  3. Document authentication requirements
  4. Include real JSON request/response pairs
  5. State pricing, limits, and error codes
  6. Serve it at /llms.txt as text/plain
  7. Allow AI crawlers to access it in your robots.txt

You can see a production example at signb.ee/llms.txt. Copy the structure. Adapt it for your product. Ship it today.

Frequently Asked Questions

How do AI crawlers cache llms.txt and what is the best invalidation strategy?

AI agent crawlers (such as GPTBot, ClaudeBot, and PerplexityBot) utilize aggressive internal cache stores to minimize latency and bandwidth consumption when retrieving llms.txt files. To manage how long these bots retain your developer specifications, you must use standard HTTP caching headers. We recommend setting a Cache-Control: public, max-age=86400, stale-while-revalidate=3600 header for general routes. This allows bots to cache the definition for up to 24 hours, but if an update is deployed, edge gateways will serve the stale document immediately and asynchronously fetch the fresh one in the background. For real-time search engines like Perplexity, reduce max-age to 1800 (30 minutes) to ensure index synchronization. When making breaking changes to your API definitions, you can force cache invalidation on major CDNs using path-based cache purging for /llms.txt.

How should API providers handle security boundaries when exposing endpoint schemas to LLMs?

Exposing API endpoints directly to LLMs presents unique security surfaces. To secure your llms.txt endpoints, first ensure that you never publish credentials, raw secret formats, or internal private URLs. Always use standard placeholders (e.g., <api_key>) and document them explicitly as mock credentials. Second, prune any private, internal, or administrative endpoints from your public routing logs. Only expose public API routes that are fully protected by OAuth2, JWT, or Bearer auth. Third, since AI agents can generate massive volumes of automated requests rapidly, enforce strict rate limiting (e.g., HTTP 429 Too Many Requests) on the downstream endpoints. Implement bot-specific rate limits by detecting User-Agent strings. Finally, avoid linking to undocumented development environments or sandboxes that lack production-grade security defenses.

What are the formatting guidelines and best practices for recursive documentation linking?

Recursive documentation mapping via llms-full.txt helps manage context windows, but requires strict structuring rules to prevent bot loops. First, keep depth limits to a maximum of 2 or 3 hops. This prevents agents from drowning in deep link traversal operations. Second, do not create cyclical links: a child page should never link back to the main index llms.txt or to its siblings unless using a clearly designated parent metadata anchor that bots are programmed to ignore. Third, use clean Markdown bullet structures where each link is immediately followed by a blockquote or inline description summarizing its contents. This allows semantic routing algorithms to determine relevance without performing an HTTP fetch on the sub-resource. Keep the sub-modules small, ideally under 3,000 words, to fit cleanly within common cache slotting parameters.

Related resources

Signbee is AI-discoverable by design — llms.txt, openapi.json, MCP server.