API keys, scopes, and the prepaid USD wallet explained
Your automation needs to stay within boundaries. You cannot give a single key all permissions. You also cannot run on a per-call basis with a credit card. The Coasty Computer Use API solves both problems with scoped keys and a prepaid USD wallet. You create a key with a specific scope. You fund a wallet in USD. Every request deducts credits. You only pay for successful agent steps, not API calls. This guide shows how to set up scoped keys, fund the wallet, and use webhooks and idempotency for production safety.
API keys and scopes
Every request to Coasty requires an API key. Send it as the X-API-Key header. The key belongs to a user account and has a set of scopes. Scopes gate what operations the key can perform. For example, a key with scope runs:write can create task runs but cannot list them. The API returns a 403 INSUFFICIENT_SCOPE error if a request tries to use an operation outside the key’s scope. This lets you give different keys to different environments, teams, or tools while keeping a single user account for billing.
The prepaid USD wallet
Coasty charges from a prepaid USD wallet, not a credit card. One credit equals one cent. You transfer USD into the wallet. The wallet balance decreases for every charged operation. Vision requests cost 5 credits. Task run steps cost 5 credits. Sessions and sessions/{id}/predict cost 4 credits. Ground requests cost 3 credits. Parse is free. The wallet also powers idempotent writes and webhook delivery. Idempotency-Key header makes retries safe. Webhooks carry an HMAC signature (Coasty-Signature header) to prevent tampering. The wallet ensures you never exceed your budget and gives you full control over spending.
Managing task runs and billing
Task runs are the primary way to drive an agent. You POST /v1/runs with machine_id, task, cua_version, and optional fields like instructions, system_prompt, max_steps, deadline_seconds, on_awaiting_human, and webhook_url. Each agent step consumes 5 credits. The run states, queued, running, awaiting_human, succeeded, failed, cancelled, timed_out, track progress. You can list runs with GET /v1/runs or inspect a specific run with GET /v1/runs/{id}. Cancel a run with POST /v1/runs/{id}/cancel or resume it with POST /v1/runs/{id}/resume. The wallet balance updates after each run completes, so you always know your remaining credits.
Webhooks and idempotency
Production systems need reliable delivery and duplicate prevention. Coasty sends webhook payloads to the webhook_url you specify in a run. The payload includes run state changes. The Coasty-Signature header contains a HMAC signature with a timestamp and hex digest. Your server verifies the signature to ensure the request is authentic. For write operations, include an Idempotency-Key header. Coasty returns the same response for repeated requests with the same key, preventing duplicate processing. Both features rely on the prepaid wallet, webhooks and idempotent writes only succeed if you have sufficient credits.
Workflows and machine provisioning
Workflows let you define multi-step automation in a JSON DSL. You create a workflow with POST /v1/workflows and then run it with POST /v1/workflows/{id}/runs. Workflows can include task steps, assert steps, conditionals, loops, parallel branches, human approval, retries, succeed, or fail. Task steps in workflows also cost 5 credits each. Machines are cloud VMs you provision with POST /v1/machines. The agent drives real desktops, browsers, and terminals. Machine management (start, stop, snapshot) works independently of the prepaid wallet but still requires a key with appropriate scopes.
MCP integration
You can also drive Coasty from Cursor, Claude Desktop, or other MCP clients using the MCP server. The MCP server exposes the same API keys and scopes to your editor. This lets you compose computer use agents with other AI tools while keeping billing centralized in the Coasty wallet. Scope boundaries apply uniformly whether you call the API directly or through the MCP client.
Use scoped keys to limit permissions and a prepaid USD wallet to control costs per agent step.
Where this beats brittle automation
Traditional automation relies on brittle selectors and fixed API endpoints. A UI change breaks your script. Coasty’s computer use agent sees the screen and acts like a human. It clicks, types, and navigates based on natural language instructions. This works across browsers, desktop apps, and terminals without hard-coded selectors. Combined with scoped keys and prepaid billing, you get safe, predictable, and scalable automation that adapts to real systems.
You now have a clear picture of how scoped keys and the prepaid USD wallet protect your automation. Create a key at https://coasty.ai/developers, set its scope, fund your wallet, and start building with the Coasty Computer Use API. Try a simple task run, then move on to workflows and MCP integration for more advanced agent pipelines.