Getting Started
Add passwordless authentication with Passkeys (WebAuthn) to your app in minutes. The TryMellon JavaScript SDK handles the browser flow and returns a sessionToken that your backend validates to create your own session.
What this SDK does
| Capability | Description |
|---|---|
| Passkey flow | Handles the full WebAuthn flow in the browser |
| TryMellon API | Communicates with the TryMellon API for you |
| Session token | Returns a sessionToken your backend can verify |
| Encoding | Handles Base64URL ↔ ArrayBuffer conversion |
| Events | Emits events for better UX (e.g. spinners) |
| Email fallback | Supports OTP by email when WebAuthn is unavailable |
| Resilience | Retries with exponential backoff and validates all inputs |
What it does not do
- It does not create user sessions — your backend does.
- It does not replace your auth system — it plugs into it.
- It does not store end users or cookies.
Installation
```bash
npm install @trymellon/js
```
Requirements
| Requirement | Details |
|---|---|
| Browser | WebAuthn support (Chrome, Safari, Firefox, Edge) |
| HTTPS | Required in production; localhost is allowed for development |
| Application | An Application created in the TryMellon dashboard with your origin configured |
Quickstart
0. Get your credentials. Create an application in the TryMellon dashboard (Dashboard → Create app), add your app’s origin to Allowed origins, then copy App ID (UUID) and Client ID (publishable key, starts with cli_). For the deployed TryMellon Landing site, credentials and API URL are configured via environment variables (see the repo documentation).
1. Create a client with those credentials:
```js
import { TryMellon } from '@trymellon/js'

// create() validates the config at startup and returns a Result instead of throwing
const clientResult = TryMellon.create({
  appId: 'your-app-id-uuid', // App ID (UUID) from Dashboard → Your app
  publishableKey: 'cli_xxxx', // Client ID from Dashboard → Your app
})
if (!clientResult.ok) throw clientResult.error;
const client = clientResult.value;
```
2. Register a passkey (first-time user):
```js
const registerResult = await client.register({ externalUserId: 'user_123' })
if (registerResult.ok) {
  // Logged here for demonstration; in your app, send it to your backend (step 4)
  console.log('Session token:', registerResult.value.sessionToken)
}
```
3. Authenticate (returning user):
```js
const authResult = await client.authenticate({ externalUserId: 'user_123' })
if (authResult.ok) {
  // Logged here for demonstration; in your app, send it to your backend (step 4)
  console.log('Session token:', authResult.value.sessionToken)
}
```
4. Validate on your backend. Send the sessionToken to your backend (e.g. POST /api/login with { sessionToken }). Your backend must call GET /v1/sessions/validate on the TryMellon API with the header Authorization: Bearer <sessionToken>, and only then create your own cookie/session. See Backend validation.
Tip: Use TryMellon.create({ appId, publishableKey }) instead of new TryMellon(...) for startup validation. It returns a Result so you can handle invalid config without try/catch. See API Reference.
Testing without an account (sandbox)
You can try the integration locally without a TryMellon account or real WebAuthn:
- Set sandbox mode: sandbox: true and placeholder appId/publishableKey (e.g. 'sandbox').
- Call register() or authenticate() as usual; they return immediately with a fixed session token.
- Send that token to your backend as in production. Your backend must accept this token only in development, never in production. See Backend validation (Sandbox) for the contract and code example.
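The backend check from Quickstart step 4 combined with the sandbox rule above, as an added Node.js example that is not TryMellon's own code. The API base URL, the sandbox token value, the response body shape and the treatment of any non-200 status as invalid are assumptions; take the real contract from Backend validation.

```javascript
// Added example (not TryMellon's code). Needs Node 18+ for the global fetch.
// ASSUMPTIONS: API_BASE and SANDBOX_TOKEN are placeholders, the response body
// shape is unknown, and any status other than 200 is treated as "not valid".
const API_BASE = process.env.TRYMELLON_API_URL || 'https://trymellon-api.invalid';
const SANDBOX_TOKEN = process.env.TRYMELLON_SANDBOX_TOKEN || 'SANDBOX_TOKEN_PLACEHOLDER';

// Returns { ok: true, sandbox, session } or { ok: false, reason }. Fails closed.
async function validateSessionToken(sessionToken, opts = {}) {
  const { fetchImpl = fetch, env = process.env.NODE_ENV, timeoutMs = 5000 } = opts;

  // Reject anything that is not a single header-safe token before using the network.
  if (typeof sessionToken !== 'string' || !/^[\x21-\x7e]{1,4096}$/.test(sessionToken)) {
    return { ok: false, reason: 'malformed_token' };
  }

  // The fixed sandbox token is honoured only when the environment is explicitly
  // "development", so an unset or misspelled NODE_ENV rejects it.
  if (sessionToken === SANDBOX_TOKEN) {
    return env === 'development'
      ? { ok: true, sandbox: true, session: null }
      : { ok: false, reason: 'sandbox_token_rejected' };
  }

  let res;
  try {
    res = await fetchImpl(`${API_BASE}/v1/sessions/validate`, {
      method: 'GET',
      headers: { Authorization: `Bearer ${sessionToken}` },
      signal: AbortSignal.timeout(timeoutMs),
    });
  } catch {
    return { ok: false, reason: 'upstream_unreachable' };
  }
  if (res.status !== 200) return { ok: false, reason: `upstream_status_${res.status}` };

  try {
    return { ok: true, sandbox: false, session: await res.json() };
  } catch {
    return { ok: false, reason: 'upstream_bad_body' };
  }
}
```

Call this from your login route (e.g. POST /api/login) and create your own cookie/session only when the result has ok set to true.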
Demo vs production
The live demo on this site may use a simplified client configuration for the public try-out. For your own app you must use appId and publishableKey from your TryMellon dashboard, as in the Quickstart above.
Billing and plan limits
Only the workspace owner can upgrade or manage the subscription. The owner’s subscription determines this tenant’s plan and limits (e.g. number of apps, user cap such as 100k). If a developer or other team member pays for a plan, that payment does not affect this tenant — the tenant’s limits are tied to the owner’s subscription only.
If your tenant is on the Free (AI) plan (e.g. created via the AI onboarding API) and you reach the user limit, the owner can upgrade from the dashboard: sign in at the TryMellon dashboard, go to Settings → Billing (visible and actionable only to the owner), and click Upgrade to Growth or Upgrade to Scale. No separate API is required; the upgrade applies to the same tenant your AI agent or app uses.
Next steps
| Topic | Description |
|---|---|
| Installation | Configuration options and init details |
| Register & Authenticate | Full register/authenticate API and options |
| Backend validation | How to validate the session token on your server |
| Session validation (client-side) | Check if the user is already signed in |
| API Reference | Complete SDK API reference |