Conto
Back to blog
·4 min read

Agents Can Discover Conto First

Agents should be able to discover and test Conto before a person is asked to create an account. Agents need machine-readable discovery, a safe way to create test credentials, and a payment path they can complete without touching real funds.

Conto now supports that path.

An agent can discover Conto, create a short-lived test-mode sandbox, inspect its SDK setup, and complete a simulated policy-checked payment. When the work is worth keeping, a verified human can sign in and claim the sandbox.

Start with discovery

Start from Conto's public agent manifest:

curl -sS https://conto.finance/.well-known/agent.json

The manifest points agents to the core machine-readable surfaces:

  • https://conto.finance/llms.txt
  • https://conto.finance/llms-full.txt
  • https://conto.finance/api/openapi
  • https://conto.finance/docs/quickstart/agent-sandbox
  • https://conto.finance/api/agents/sandbox

That is enough for an agent to find the API schema, read the sandbox quickstart, and identify the endpoint that creates test credentials.

Create a sandbox without human intervention

To give an agent test-mode access, post to the sandbox endpoint:

curl -sS -X POST https://conto.finance/api/agents/sandbox \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Research Buyer Agent",
    "agentType": "CUSTOM",
    "description": "Tests policy-checked payments from an autonomous agent"
  }' > conto-sandbox.json

The response includes:

Field Purpose
credentials.sdkKey Bearer token for /api/sdk/* endpoints
credentials.apiKey Sandbox organization key and claim secret
agent.id Created agent ID
wallet.address Test wallet address on Tempo Testnet
endpoints SDK, payment, wallet, OpenAPI, and claim paths

Returned credentials are shown once and expire after seven days. The sandbox is for testing only: policy evaluation, spend tracking, receipts, and audit logs are real, but sandbox execution is simulated and does not move funds.

The commands below use curl and jq. Export the fields the next calls need:

export CONTO_API_KEY="$(jq -r '.credentials.sdkKey' conto-sandbox.json)"
export CONTO_SANDBOX_API_KEY="$(jq -r '.credentials.apiKey' conto-sandbox.json)"

Inspect the agent setup

With the returned SDK key, the agent can probe its runtime setup:

curl -sS https://conto.finance/api/sdk/setup \
  -H "Authorization: Bearer $CONTO_API_KEY"

This returns the authenticated agent, wallet, spend limits, scopes, endpoints, and capabilities. Agents should call it before attempting payment operations.

Complete a policy-checked sandbox payment

The default anonymous sandbox path is request -> execute. It is designed to be completed without a signer or funded wallet.

curl -sS -X POST https://conto.finance/api/sdk/payments/request \
  -H "Authorization: Bearer $CONTO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "amount": 3,
    "recipientAddress": "0x742d35Cc6634C0532925a3b844Bc454e4438f44e",
    "recipientName": "Test Vendor",
    "purpose": "Sandbox API credits",
    "category": "AI_SERVICES"
  }' > payment-request.json

If the response returns "status": "APPROVED", execute it:

export REQUEST_ID="$(jq -r '.requestId' payment-request.json)"
 
curl -sS -X POST "https://conto.finance/api/sdk/payments/$REQUEST_ID/execute" \
  -H "Authorization: Bearer $CONTO_API_KEY"

The successful sandbox response returns "status": "COMPLETED", "simulated": true, and a txHash receipt. A request above the sandbox's $5 per-transaction limit returns DENIED with the violated policy, which is the control layer working as intended.

{
  "status": "COMPLETED",
  "simulated": true,
  "txHash": "0x..."
}

Agents that bring their own signer can still use the external-wallet flow: POST /api/sdk/payments/approve, execute from their wallet stack, then POST /api/sdk/payments/{requestId}/confirm with the transaction hash and approval token.

From sandbox to human ownership

The sandbox is designed for agent-first exploration, but production financial access still needs human ownership and verification.

When a human is ready to keep the sandbox, they can sign in to Conto and claim it using the sandbox API key before it expires. The claim call must include a signed-in Conto browser or app session.

This gives teams a clean path:

  1. Agent discovers Conto.
  2. Agent creates a sandbox.
  3. Agent completes a simulated policy-checked payment.
  4. Human claims the workspace.
  5. The integration graduates toward production.

Why this matters

Most software onboarding flows assume a person is sitting in front of a browser. Agent-forward infrastructure needs a different entry point: machine-readable discovery, scoped test credentials, safe execution, and a clean path from experimentation to verified production use.

That is the direction Conto is moving: let agents evaluate the system the way developers evaluate an API, then bring in a human when ownership and production access matter.

Start with the manifest:

curl -sS https://conto.finance/.well-known/agent.json

Or read the full quickstart: Agent Sandbox Quickstart.

agentic-paymentsagentsdeveloper-experiencesandboxsdk