API Keys, Scopes, and the Prepaid USD Wallet Explained
Every computer use agent needs a way to authenticate and pay for operations. You should never hardcode keys or rely on a single global key for all your applications. Use scoped keys tied to specific resources and a prepaid USD wallet to cap costs. This guide shows how to set up keys, manage scopes, and track spend with real API calls.
API keys and authentication
Coasty uses API keys for authentication. You set the key in an environment variable named COASTY_API_KEY and send it as the X-API-Key header on every request. The base URL for all endpoints is https://coasty.ai/v1. Authorization with a Bearer token is also supported, but the recommended pattern is X-API-Key. Keys are managed at https://coasty.ai/developers/keys .
# Set your key in the environment
export COASTY_API_KEY=sk_live_1234567890abcdef
# Create a session using the authenticated key
# POST /v1/sessions
curl -X POST https://coasty.ai/v1/sessions \
-H "X-API-Key: $COASTY_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"task": "open chrome and navigate to cozy.ai",
"cua_version": "v4"
}'Scoped keys and permissions
Keys can be scoped to limit what they can access. Scopes define which resources and actions a key is allowed to perform. Common scopes include machine management, workflow execution, and runs. When a key lacks the required scope, the API returns a 403 INSUFFICIENT_SCOPE error. Always request the minimal scope needed for each key to reduce attack surface.
Read COASTY_API_KEY from the environment and use X-API-Key: $COASTY_API_KEY on every request.
Prepaid USD wallet and billing
Coasty uses a prepaid USD wallet. You top up the wallet with dollars and spend credits on operations. One credit equals one cent. Operations are billed per step. For example, POST /v1/runs costs $0.05 per agent step. The wallet balance is checked before each request; if you lack credits, the API returns a 402 INSUFFICIENT_CREDITS error. You can monitor your balance with GET /v1/machines or by checking your account dashboard.
Where this beats brittle automation
API-only tools often require brittle selectors and frequent updates when UI changes. A computer use agent sees the screen, understands context, and acts like a human. Keys and scopes let you secure these agents against misuse while keeping costs predictable. Prepaid credits ensure you only pay for what you actually run, avoiding surprise bills.
Set scoped keys tied to specific resources, read COASTY_API_KEY from your environment, and top up a prepaid USD wallet. This gives you secure, predictable billing for your computer use agents. Visit https://coasty.ai/developers to generate your first key and start building.