Agents Can Discover Conto First
Agents should be able to discover and test Conto before a person is asked to create an account. Agents need machine-readable discovery, a safe way to create test credentials, and a payment path they can complete without touching real funds.
Conto now supports that path.
An agent can discover Conto, create a short-lived test-mode sandbox, inspect its SDK setup, and complete a simulated policy-checked payment. When the work is worth keeping, a verified human can sign in and claim the sandbox.
Start with discovery
Start from Conto's public agent manifest:
curl -sS https://conto.finance/.well-known/agent.json
The manifest points agents to the core machine-readable surfaces:
https://conto.finance/llms.txthttps://conto.finance/llms-full.txthttps://conto.finance/api/openapihttps://conto.finance/docs/quickstart/agent-sandboxhttps://conto.finance/api/agents/sandbox
That is enough for an agent to find the API schema, read the sandbox quickstart, and identify the endpoint that creates test credentials.
Create a sandbox without human intervention
To give an agent test-mode access, post to the sandbox endpoint:
curl -sS -X POST https://conto.finance/api/agents/sandbox \
-H "Content-Type: application/json" \
-d '{
"name": "Research Buyer Agent",
"agentType": "CUSTOM",
"description": "Tests policy-checked payments from an autonomous agent"
}' > conto-sandbox.json
The response includes:
| Field | Purpose |
|---|---|
credentials.sdkKey |
Bearer token for /api/sdk/* endpoints |
credentials.apiKey |
Sandbox organization key and claim secret |
agent.id |
Created agent ID |
wallet.address |
Test wallet address on Tempo Testnet |
endpoints |
SDK, payment, wallet, OpenAPI, and claim paths |
Returned credentials are shown once and expire after seven days. The sandbox is for testing only: policy evaluation, spend tracking, receipts, and audit logs are real, but sandbox execution is simulated and does not move funds.
The commands below use curl and jq. Export the fields the next calls need:
export CONTO_API_KEY="$(jq -r '.credentials.sdkKey' conto-sandbox.json)"
export CONTO_SANDBOX_API_KEY="$(jq -r '.credentials.apiKey' conto-sandbox.json)"
Inspect the agent setup
With the returned SDK key, the agent can probe its runtime setup:
curl -sS https://conto.finance/api/sdk/setup \
-H "Authorization: Bearer $CONTO_API_KEY"
This returns the authenticated agent, wallet, spend limits, scopes, endpoints, and capabilities. Agents should call it before attempting payment operations.
Complete a policy-checked sandbox payment
The default anonymous sandbox path is request -> execute. It is designed to be completed without
a signer or funded wallet.
curl -sS -X POST https://conto.finance/api/sdk/payments/request \
-H "Authorization: Bearer $CONTO_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"amount": 3,
"recipientAddress": "0x742d35Cc6634C0532925a3b844Bc454e4438f44e",
"recipientName": "Test Vendor",
"purpose": "Sandbox API credits",
"category": "AI_SERVICES"
}' > payment-request.json
If the response returns "status": "APPROVED", execute it:
export REQUEST_ID="$(jq -r '.requestId' payment-request.json)"
curl -sS -X POST "https://conto.finance/api/sdk/payments/$REQUEST_ID/execute" \
-H "Authorization: Bearer $CONTO_API_KEY"
The successful sandbox response returns "status": "COMPLETED", "simulated": true, and a
txHash receipt. A request above the sandbox's $5 per-transaction limit returns DENIED with the
violated policy, which is the control layer working as intended.
{
"status": "COMPLETED",
"simulated": true,
"txHash": "0x..."
}
Agents that bring their own signer can still use the external-wallet flow:
POST /api/sdk/payments/approve, execute from their wallet stack, then
POST /api/sdk/payments/{requestId}/confirm with the transaction hash and approval token.
From sandbox to human ownership
The sandbox is designed for agent-first exploration, but production financial access still needs human ownership and verification.
When a human is ready to keep the sandbox, they can sign in to Conto and claim it using the sandbox API key before it expires. The claim call must include a signed-in Conto browser or app session.
This gives teams a clean path:
- Agent discovers Conto.
- Agent creates a sandbox.
- Agent completes a simulated policy-checked payment.
- Human claims the workspace.
- The integration graduates toward production.
Why this matters
Most software onboarding flows assume a person is sitting in front of a browser. Agent-forward infrastructure needs a different entry point: machine-readable discovery, scoped test credentials, safe execution, and a clean path from experimentation to verified production use.
That is the direction Conto is moving: let agents evaluate the system the way developers evaluate an API, then bring in a human when ownership and production access matter.
Start with the manifest:
curl -sS https://conto.finance/.well-known/agent.json
Or read the full quickstart: Agent Sandbox Quickstart.