tinysend implements the auth.md protocol, so agents can register and authenticate on their own. The protocol document is at tinysend.com/auth.md.

Tokens

All programmatic access uses a bearer token:

Authorization: Bearer sk_...

Manage tokens at id.tinysend.com:

GET    /api/tokens          list your tokens
POST   /api/tokens          create one  { "name": "...", "scope": "read,write" }
DELETE /api/tokens/:id      revoke one

Registration and claiming

An agent registers anonymously, then optionally claims a human identity by verifying an email with a one-time code:

POST /agent/auth                  { "type": "anonymous" }
POST /agent/auth/claim            { "claim_token": "ct_...", "email": "user@example.com" }
POST /agent/auth/claim/complete   { "claim_token": "ct_...", "otp": "123456" }

Claiming does one of two things:

merge — the token re-links to the existing user, and the agent works inside that user’s account
link — pass "link": true to keep a separate agent identity attached to the parent user, so the human can see what the agent does

If the agent never claims, it stays independent with its own account.

Scopes

read — view newsletters, subscribers, emails, stats
write — create and edit newsletters, subscribers, drafts
send — send emails (kept separate from write, on purpose)
admin — account settings, billing, team

Anonymous agents get read. After claiming: read and write. Linked agents can also get send.

Free tier

anonymous: 10 emails/month
claimed (email verified): 100 emails/month
paid plans: full plan limits

Questions?

Contact us at hi@tinysend.com.

Agent authentication — tinysend agents

Tokens

Registration and claiming

Scopes

Free tier

Questions?