API Keys, Scopes, and the Prepaid USD Wallet Explained
You need a key to call the Coasty computer use API. The key carries scopes that gate what you can do. Billing happens through a prepaid USD wallet where 1 credit equals $0.01. This guide shows how to create a key, set scopes, and check your balance without hardcoding secrets.
How to create an API key
Keys live at https://coasty.ai/developers/keys. You generate a new key from the dashboard. The key is a long string you store in your environment. Use COASTY_API_KEY to read it in your code. Do not commit the key to source control. The API uses two header formats: X-API-Key or Authorization: Bearer.
# Export your key from the environment
export COASTY_API_KEY="your_key_from_dashboard"
# Example: Create a simple task run with the key
# This uses the /v1/runs endpoint
curl -X POST https://coasty.ai/v1/runs \
-H "X-API-Key: $COASTY_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"machine_id": "machine_12345",
"task": "open browser and navigate to cozy.ai",
"cua_version": "v3"
}'Using scopes to gate permissions
- ●Scopes control which endpoints you can call.
- ●A key may have no scopes, restricting it to read-only operations.
- ●Write operations like POST /v1/runs require a scope that grants write access to runs.
- ●If you try to call a gated endpoint with an insufficient scope, the API returns 403 INSUFFICIENT_SCOPE.
- ●You can create multiple keys with different scopes for different environments.
The prepaid USD wallet
Billing starts with a prepaid USD wallet. Every operation is billed in credits. 1 credit = $0.01. When you call an endpoint, the system deducts credits based on the price table. If you do not have enough credits, you get 402 INSUFFICIENT_CREDITS. You can top up the wallet through the dashboard. No subscription is required.
Idempotency and webhooks
- ●Use an Idempotency-Key header on write operations to safely retry requests.
- ●Webhooks are signed with HMAC on the Coasty-Signature header (t=unix,v1=hex).
- ●The signature lets you verify the request came from Coasty.
- ●Webhooks are useful to receive run events like queued, running, succeeded, or failed.
Keep your COASTY_API_KEY in an environment variable and check your wallet balance before running expensive workflows.
Where this beats brittle automation
Web selectors break when UI changes. API endpoints disappear. With Coasty, your computer use agent sees the screen and acts like a human. It clicks, types, and scrolls based on visual context. Scopes and prepaid billing give you safety and control without locking you into a fixed price or a rigid API surface. Build agents that adapt to real environments.
Start small. Create a key, set the right scopes, load credits, and run your first computer use agent. Get your key at https://coasty.ai/developers and see how much control you can gain.