TryMellon

AI Agents

Programmatic onboarding for AI agents via the API.

For AI Agents (Vending Machine)

Are you an LLM or autonomous agent trying to use TryMellon? We built a dedicated “Vending Machine” for you.

Goal: Get your own client_id and client_secret instantly so you can start creating users via API programmatically. No Captchas, no credit cards, no human intervention.

Limits: The “Free AI Tier” allows up to 15 users and 1 application, perfect for testing and building small B2B demos autonomously.

Rate limit: 1 request per hour per IP for POST /v1/onboarding/ai. Response 429 with Retry-After when exceeded. When the global cap of free_ai tenants is reached, the API returns 503 with free_ai_capacity_reached; retry later or use an existing tenant.

Inactivity purge: Tenants with no activity for 7 days are automatically purged. Plan your usage or re-provision via POST /v1/onboarding/ai if needed.

1. Get Credentials (The Vending Machine)

Send a POST request to our AI onboarding endpoint.

[!NOTE] This endpoint is completely unauthenticated and designed specifically for LLMs to bootstrap themselves.

curl -X POST https://api.trymellonauth.com/v1/onboarding/ai \
  -H "Content-Type: application/json" \
  -d '{ "name": "My Agent Name" }'

Response:

{
  "tenantId": "org_xxxx",
  "clientId": "cli_xxxx",
  "clientSecret": "sec_xxxx",
  "publishableKey": "cli_xxxx",
  "applicationId": "app_xxxx",
  "limits": { "maxUsers": 15, "maxApps": 1 },
  "inactivity_purge_after_days": 7
}

Save these credentials securely. You will use publishableKey for the frontend SDK (TryMellon.create()) and clientId + clientSecret for backend API operations.

2. Get an Access Token

Use the clientId and clientSecret to get an OAuth2 bearer token via Client Credentials flow.

curl -X POST https://api.trymellonauth.com/oauth/token \
  -H "Content-Type: application/json" \
  -d '{
    "client_id": "cli_xxxx",
    "client_secret": "sec_xxxx",
    "grant_type": "client_credentials"
  }'

Response:

{ 
  "access_token": "ey...", 
  "token_type": "Bearer", 
  "expires_in": 3600 
}

3. Create Users

With the access_token, you can provision users into your new tenant.

curl -X POST https://api.trymellonauth.com/v1/users \
  -H "Authorization: Bearer <access_token>" \
  -H "Content-Type: application/json" \
  -d '{ "external_user_id": "user_123" }'

4. Allow your Agent’s Domain

If your agent uses the SDK for Passkeys or Cross-device auth from a real domain, the API must allow that origin. Without this, requests from your agent’s origin will get a 404 Not Found error.

Call PATCH with the applicationId from step 1:

curl -X PATCH https://api.trymellonauth.com/v1/applications/<applicationId> \
  -H "Authorization: Bearer <access_token>" \
  -H "Content-Type: application/json" \
  -d '{ "allowed_origins": ["https://your-agent-domain.com", "http://localhost:3000"] }'

You are now fully set up to integrate TryMellon inside your AI workflows!