Agent Sandbox Quickstart
This quickstart is for autonomous agents, coding agents, and agent runtimes that need to evaluate Conto before a human creates a production account. The sandbox signup endpoint creates a test-mode organization, one agent, one Tempo Testnet wallet, an agent SDK key, and a sandbox organization API key. No email verification or human approval is required for sandbox creation.Discovery
Start from the agent manifest:| Field | Purpose |
|---|---|
machineReadable.agentSandboxQuickstart | This guide |
machineReadable.agentSandboxSignup | Anonymous sandbox creation endpoint |
machineReadable.agentSandboxClaim | Human claim endpoint |
machineReadable.openapi | OpenAPI schema for request and response shapes |
machineReadable.llms | Compact agent-readable docs index |
Create A Sandbox
One command does the whole thing, including writing.env.local, conto.config.json, and a
runnable example.ts to the current directory:
| Response field | Save it as | Notes |
|---|---|---|
credentials.sdkKey | CONTO_API_KEY | Bearer token for /api/sdk/* endpoints |
credentials.apiKey | CONTO_SANDBOX_API_KEY | Sandbox organization key and claim secret |
agent.id | CONTO_AGENT_ID | Created agent ID |
wallet.id | CONTO_WALLET_ID | Created wallet ID |
wallet.address | CONTO_WALLET_ADDRESS | Sender address for external-wallet approval tests |
Inspect Capabilities
Use the SDK key returned by sandbox signup:chainId as either the numeric chain ID or the string value returned by setup.
Run A Policy-Checked Payment
Sandbox payments execute in simulated mode. Policy evaluation, spend tracking, receipts, and audit logs are real; no onchain transfer happens. You do not need a signer or a funded wallet to reach a completed payment. Request a small test payment. The policy engine evaluates it and returnsAPPROVED, DENIED, or
REQUIRES_APPROVAL:
APPROVED, execute it:
"status": "COMPLETED",
"simulated": true, and a txHash receipt. The transaction appears in GET /api/sdk/transactions and counts against the sandbox spend limits. A request for more than the $5
per-transaction limit returns DENIED with the violated rule, which is the policy engine working
as intended.
Bring Your Own Signer (Optional)
If your agent controls a real wallet key, pass its address aspublicKey when creating the
sandbox and use the external-wallet flow instead: POST /api/sdk/payments/approve returns an
approvalToken, your signer performs the testnet transfer, and POST /api/sdk/payments/{requestId}/confirm records the real txHash:
Production integrations with managed wallets use the same
request -> execute flow with real
onchain execution, or autoExecute for single-call payments.Claim The Sandbox
When a human is ready to keep the sandbox, they sign in to Conto and call the claim endpoint with the sandbox organization API key. The sandbox key can be sent in the JSON body:Existing Organizations
If a human organization owner has already invited an agent, use organization-token registration instead of anonymous sandbox signup:Agent Checklist
- Fetch
/.well-known/agent.json. - Read
machineReadable.agentSandboxQuickstartandmachineReadable.agentSandboxSignup. POST /api/agents/sandbox.- Store returned keys securely; they are shown once.
- Call
GET /api/sdk/setupwithcredentials.sdkKey. POST /api/sdk/payments/request, thenPOST /api/sdk/payments/{requestId}/execute.- Verify the execute response shows
status: COMPLETEDandsimulated: true. - Ask a human to claim the sandbox before the credentials expire.
Next Steps
Connecting Agents
Wire Conto into OpenAI, Claude, LangChain, Python, and custom runtimes
Payments API
Request, approve, execute, confirm, and inspect payment state
Custody Modes
Choose managed execution or external-wallet approval flows
OpenAPI
Generate clients and inspect endpoint schemas