Skip to main content

Quickstart

This is the shortest path to “Keyless working” without bad habits.

1) Store a secret (Vault)

You’ll store provider credentials under a provider name (e.g. openai, debank, vercel-token).

Rules:

Don’t paste secrets into chat.
Don’t commit secrets to git.
Prefer short-lived tokens where possible.

2) Authenticate with a wallet (SIWE)

Keyless uses wallet-based identity.

Typical flow:

request a SIWE challenge
sign it with the wallet
receive an ephemeral token (JWT)

3) Retrieve secrets just-in-time

Fetch secrets at runtime using a server-held token (e.g. KEYLESS_API) or an ephemeral JWT.

Conceptually:

# PSEUDO (illustrative)
# GET /api/<wallet>/key?provider=<name>
# Authorization: Bearer $KEYLESS_API

4) Gate APIs with x402 (pay-per-request)

Client calls the service
If unpaid → 402 Payment Required (quote/requirements)
Client pays (Permit2)
Client retries with receipt

5) Publish vs consume in the Marketplace

Owners publish. Agents consume.

Owner publishes: upstream URL + schema + pricing + limits
Agent consumes: calls the x402 gateway/proxy and handles 200 vs 402

Next: Vault, then x402, then Marketplace.

1) Store a secret (Vault)
2) Authenticate with a wallet (SIWE)
3) Retrieve secrets just-in-time
4) Gate APIs with x402 (pay-per-request)
5) Publish vs consume in the Marketplace