How AI agents self-register for PageBolt — no signup form
PageBolt now implements auth.md: an AI agent can obtain its own API key on a user's behalf through an emailed one-time code — no signup form to fill, and a human kept firmly in the loop.
Agents are getting good at doing real work on the web. But there's a wall they keep hitting before they even start: credentials.
Almost every API on the internet assumes a human will visit a website, fill out a signup form, verify an email, and copy a key into a config file. An autonomous agent can't do any of that. So today people paste their own keys into agent configs, share keys across tools, or wire up brittle headless-browser scripts that try to click through a signup page. None of it is good — keys leak, scopes are all-or-nothing, and there's no record of which agent got access.
auth.md: a signup flow built for agents
auth.md is an open protocol from WorkOS that defines how an AI agent can register itself with a service and obtain a credential — with a real human approving the request. PageBolt now speaks it.
The core idea is simple: the agent starts the registration, but it can't finish alone. A person has to confirm, out-of-band, that they actually want this agent to have access. PageBolt does that with an emailed one-time code (OTP): the agent never sees the code directly — the user reads it from their own inbox and hands it back.
How it works, end to end
1. The agent discovers that registration is possible. On any 401 from the API, PageBolt returns a WWW-Authenticate header pointing at its discovery document:
    WWW-Authenticate: Bearer resource_metadata="https://pagebolt.dev/.well-known/oauth-protected-resource"
From there the agent reads /.well-known/oauth-authorization-server, which advertises an agent_auth block describing the supported method (an emailed identity assertion) and where to register. There's also a human-readable companion at /auth.md.
2. The agent registers with the user's email. One POST, and PageBolt emails the user a secure link. The response carries a claim_token — but no credential yet:
    curl -X POST https://pagebolt.dev/agent/auth \
      -H "Content-Type: application/json" \
      -d '{
        "type": "identity_assertion",
        "assertion_type": "verified_email",
        "assertion": "you@example.com",
        "requested_credential_type": "api_key"
      }'

    {
      "registration_id": "reg_...",
      "registration_type": "email-verification",
      "claim_token": "clm_...",
      "claim_token_expires": "2026-06-07T00:00:00.000Z",
      "post_claim_scopes": ["capture:full"]
    }
3. The human approves. The user opens the emailed link and sees a 6-digit code on a PageBolt page. They read it back to the agent. The agent never receives the code any other way — so a person genuinely has to be present and willing.
4. The agent claims the key. It submits the claim_token plus the code the user gave it:
    curl -X POST https://pagebolt.dev/agent/auth/claim/complete \
      -H "Content-Type: application/json" \
      -d '{ "claim_token": "clm_...", "otp": "123456" }'

    {
      "status": "claimed",
      "credential_type": "api_key",
      "credential": "pf_live_...",
      "credential_expires": null,
      "scopes": ["capture:full"]
    }
That's it. The agent now holds a real PageBolt key and can call all 11 APIs — screenshots, PDFs, observation, sequences, video, and the rest.
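The agent side of steps 1 to 4, as an added Python example (not PageBolt's or WorkOS's code): it parses the 401 challenge, checks the registration response, and builds the claim body. TRUSTED_HOST, the HTTPS and same-host check, and the function names are assumptions of this example; the sample values are the ones shown above.

```python
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Assumption: the agent is configured with the one API host it is willing to trust.
TRUSTED_HOST = "pagebolt.dev"

def discovery_url(www_authenticate: str, trusted_host: str = TRUSTED_HOST) -> str:
    """Extract resource_metadata from a Bearer challenge value.

    Rejects non-HTTPS or off-host URLs so a tampered 401 cannot steer the
    agent into sending the user's email address somewhere else.
    """
    scheme, _, params = www_authenticate.strip().partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError("not a Bearer challenge")
    found = dict(re.findall(r'([A-Za-z_]+)\s*=\s*"([^"]*)"', params))
    url = found.get("resource_metadata")
    if not url:
        raise ValueError("challenge has no resource_metadata")
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != trusted_host:
        raise ValueError(f"refusing discovery URL {url!r}")
    return url

def check_registration(resp: dict, now: datetime) -> str:
    """Return the claim_token if the step 2 response is usable."""
    if "credential" in resp:
        raise ValueError("credential returned before human approval")
    expires = datetime.fromisoformat(resp["claim_token_expires"].replace("Z", "+00:00"))
    if expires <= now:
        raise ValueError("claim_token already expired")
    return resp["claim_token"]

def claim_body(claim_token: str, otp_from_user: str) -> dict:
    """Build the step 4 body from the 6 digits the user read back."""
    otp = otp_from_user.strip()
    if not re.fullmatch(r"[0-9]{6}", otp):
        raise ValueError("OTP must be exactly 6 digits")
    return {"claim_token": claim_token, "otp": otp}
```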
Security was the whole point
Letting software mint credentials is exactly the kind of feature that goes wrong if you're casual about it. So the flow is built defensively:
- A human is always in the loop. No key is ever created until someone reads an OTP from their own inbox and provides it. The code lives only on a page reached through the emailed link — never in the email body itself.
- Secrets are stored hashed. The claim token, the email link token, and the OTP are bearer secrets kept only as SHA-256 hashes; each plaintext value leaves the server exactly once. Code comparison is timing-safe and attempts are capped.
- Existing accounts get notified. If an agent mints a key onto an email that already has a PageBolt account, the owner gets an email about it — so an unwanted request is visible and revocable in Settings.
- Rate limited end to end. Registration, the OTP page, and claim completion are all throttled per IP, and a single email address can only be sent a limited number of claim links per hour.
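One way a server could implement the hashed storage, timing-safe comparison and attempt cap described in the list above, as an added Python example that is not PageBolt's code. MAX_ATTEMPTS, OTP_TTL_SECONDS, the ClaimStore class and the status strings are assumptions; the page does not give the real limits.

```python
import hashlib
import hmac
import secrets
import time

MAX_ATTEMPTS = 5        # assumption: the page says attempts are capped, not the number
OTP_TTL_SECONDS = 600   # assumption: the page does not state the OTP lifetime

def digest(secret: str) -> bytes:
    """SHA-256 of a bearer secret; only this value is stored."""
    return hashlib.sha256(secret.encode()).digest()

class ClaimStore:
    """Hypothetical in-memory store, keyed by the hash of the claim token."""

    def __init__(self):
        self._claims = {}

    def register(self, now=None):
        """Create a pending claim; plaintext values are returned once and not kept."""
        now = time.time() if now is None else now
        claim_token = "clm_" + secrets.token_urlsafe(32)
        otp = f"{secrets.randbelow(10**6):06d}"
        self._claims[digest(claim_token)] = {
            "otp_hash": digest(otp), "attempts": 0, "expires": now + OTP_TTL_SECONDS}
        return claim_token, otp

    def complete(self, claim_token, otp, now=None):
        """Return 'claimed', 'rejected', 'locked', 'expired' or 'unknown'."""
        now = time.time() if now is None else now
        key = digest(claim_token)
        rec = self._claims.get(key)
        if rec is None:
            return "unknown"
        if now >= rec["expires"]:
            del self._claims[key]
            return "expired"
        if rec["attempts"] >= MAX_ATTEMPTS:
            return "locked"
        rec["attempts"] += 1  # count the attempt before comparing
        if not hmac.compare_digest(rec["otp_hash"], digest(otp)):
            return "rejected"
        del self._claims[key]  # single use: a claimed token cannot be replayed
        return "claimed"
```

A 6-digit code has only 10^6 possible values, so its SHA-256 hash can be reversed by enumeration; the attempt cap and expiry, not the hash, are what stop guessing.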
It pairs with everything else agents do on PageBolt
Self-registration closes the last gap in an end-to-end agent loop. An agent can now get its own key (auth.md), observe any page into a compact, token-budgeted structure, and act on it with sequences — including the new press_key action for dismissing popovers and submitting forms, and a session_id for perceiving a live session mid-flow. If you drive PageBolt through the pagebolt-mcp server, all of this is available to Claude, Cursor, and Windsurf directly.
Availability
auth.md agent self-registration is live now at pagebolt.dev/auth.md. Keys issued this way work on every plan, including the free tier. If you're building an agent, point it at the discovery document and let it register itself — the way agents should.
Try it free — 100 requests/month, no credit card. → pagebolt.dev