Getting Started

Add passkey login to your existing auth stack. No migration. No new user model.

Try it now — no account needed

Run this in any project. No dashboard, no credentials, no WebAuthn prompt:

npm install @trymellon/js

import { TryMellon } from '@trymellon/js'

// sandbox: true — works instantly, no account required
const clientResult = TryMellon.create({
  appId: 'sandbox',
  publishableKey: 'sandbox',
  sandbox: true,
})
if (!clientResult.ok) throw clientResult.error
const client = clientResult.value

const result = await client.signUp({ externalUserId: 'user_123' })
if (result.ok) console.log(result.value.sessionToken) // → 'trymellon_sandbox_token'

When you’re ready for production, swap sandbox: true for real credentials.

Sandbox mode returns a fixed token instantly — no API calls, no WebAuthn ceremony, no HTTPS required. Full sandbox docs →

What TryMellon does (and doesn’t do)

Production setup (5 minutes)

1. Get credentials

Go to dashboard → Create app → Add your origin to Allowed origins → copy App ID and Client ID.

Dashboard → SDK config mapping: “App ID” = appId (UUID). “Client ID” = publishableKey (starts with cli_). These are the only two values you need to initialize the SDK.

2. Initialize the client

import { TryMellon } from '@trymellon/js'

const clientResult = TryMellon.create({
  appId: 'your-app-id',        // UUID from dashboard
  publishableKey: 'cli_xxxx',  // Client ID from dashboard
})

if (!clientResult.ok) throw clientResult.error
const client = clientResult.value

3. Register a passkey

const result = await client.signUp({ externalUserId: 'user_123' })
if (result.ok) {
  // Send result.value.sessionToken to your backend
}

4. Authenticate a returning user

const result = await client.signIn({ externalUserId: 'user_123' })
if (result.ok) {
  // Send result.value.sessionToken to your backend
}

5. Validate on your backend

// Your backend — Node.js / Express example
app.post('/api/auth/callback', async (req, res) => {
  const { sessionToken } = req.body
  const apiRes = await fetch('https://api.trymellonauth.com/v1/sessions/validate', {
    headers: { Authorization: `Bearer ${sessionToken}` },
  })
  if (!apiRes.ok) return res.status(401).json({ error: 'Invalid session' })
  const { data } = await apiRes.json()
  // data.valid, data.external_user_id, data.tenant_id, data.app_id
  if (data.valid) {
    // Create your own session/cookie here
  }
})

Full backend patterns → Backend validation

Requirements

Onboard your own tenants (hosted signup)

Building a platform that needs to onboard its own customers onto TryMellon? Use the dedicated hosted signup sub-path. The ceremony runs under trymellon.com so the maintainer passkey is bound to the right origin, and the user lands back on your app when done.

npm install @trymellon/js

import { createPlatform } from '@trymellon/js/platform'

const platform = createPlatform()

const link = await platform.createSignupLink({
  returnUrl: 'https://acme.com/onboarded',
  userRole: 'maintainer',
  prefill: { companyName: 'ACME' },
})

if (link.ok) {
  // Redirect the user, or render link.value.hostedUrl as a QR.
  window.location.href = link.value.hostedUrl
}

When the user completes the ceremony, your server can wait for the terminal state:

const completion = await platform.awaitSignupCompletion(link.value.sessionId, {
  signal: abortController.signal,
})
if (completion.ok) {
  // The hosted page redirected the user to returnUrl; your integration continues.
}

Full guide → Hosted onboarding.

Next steps