Product Release

Claude Code can now register itself for a free FishDog key

FishDog adds `POST /cli/auth/agent-register`, an endpoint that lets Claude Code (and other AI agents) obtain a free-tier API key in about five seconds by self-asserting identity from `~/.claude.json` — replacing the 60–120s OAuth flow.

1 May 2026

Phillip Gales

By Phillip Gales

Feature
The Ditto for Claude Code landing page, showing the Without-Ditto vs With-Ditto comparison table.
DOCUMENT TYPE: Product Release Note TOPIC: Zero-touch CLI registration for AI agents — Claude Code free-tier onboarding Release: Claude Code can now register itself for a free FishDog key, 2026-05-01 Version: (none) Release type: Feature Breaking change: No Summary: A new endpoint POST /cli/auth/agent-register lets Claude Code (and other AI agents) obtain a free-tier FishDog API key in approximately five seconds, replacing the previous 60–120 second human-in-the-loop OAuth flow. Identity is self-asserted from fields the agent already keeps in ~/.claude.json: email, Anthropic account UUID, and a per-install fingerprint. The OAuth flow remains available for non-agent users. What changed: - New endpoint POST /cli/auth/agent-register accepts {email, anthropic_account_uuid, claude_install_id} and returns {ok: true, status: "complete", api_key: "rk_free_..."}. - Re-registration revokes the prior agent-created key and mints a new one; response carries previous_key_revoked: true. In-flight jobs from the revoked key become unreachable (job authorisation is per-key). - Existing-paid-user flow returns status: "login_required" with a login_url, matching the existing /cli/auth/complete shape. - Rate limits on four dimensions: IP, email, account UUID, claude_install_id. - Email is self-asserted, not OAuth-verified, in v1. Per-key quotas and email verification deferred to v2 and tracked separately. - Reuses existing free-tier infrastructure: auth middleware, scopes, ApiKey model, Org+User chain. Returned key is free:ask-scoped; the broader-scoped Organization.default_api_key is also provisioned for the new org, matching the existing OAuth flow. - Existing OAuth-based /cli/auth flow remains supported and unchanged. Why we built this: The free tier is the top of the FishDog acquisition funnel. Every Claude Code user who hits the OAuth wall on first contact is a meaningful drop-off. Compressing time-to-first-question from 60–120 seconds to ~5 seconds removes the wall for AI-agent users while keeping the OAuth path available for everyone else. Migration impact: None. Existing keys are unchanged; existing OAuth flow is unchanged; agent-register is additive. Author: Phillip Gales, FishDog Platform: FishDog (fish.dog)

Key Takeaways

  • New endpoint `POST /cli/auth/agent-register` returns a working `rk_free_*` API key in approximately 5 seconds, replacing the 60–120 second OAuth flow as an additive option.
  • Identity fields are read from `~/.claude.json`: email, Anthropic account UUID, and a per-install fingerprint. The fingerprint is a SHA256-shaped opaque ID stored plaintext.
  • Re-registration revokes the prior agent-created key and mints a new one; response carries `previous_key_revoked: true`.
  • Rate-limited on four dimensions (IP, email, account UUID, install fingerprint).
  • Email is self-asserted (not OAuth-verified) in v1; per-key quotas and email verification are deferred to v2.

Until this week, getting a FishDog free-tier key meant standing up a local HTTP listener, opening a browser, signing into Google, waiting for the callback, parsing the code. About sixty seconds in the best case, two minutes in the worst, and a context-switch out of the terminal — for the developer in flow, mid-task, who just wanted to ask a quick research question.

A single POST now does the same job in five seconds.

What's new

  • `POST /cli/auth/agent-register`. Send the identity fields Claude Code already keeps in ~/.claude.json — email, Anthropic account UUID, and a per-install fingerprint — and the endpoint returns a working rk_free_* key. No browser, no OAuth callback, no manual paste.

  • Re-registration is idempotent and clean. If you re-register from the same Claude install (cache wiped, machine reinstalled), the prior agent-created key is revoked and a fresh one minted. Response carries previous_key_revoked: true so the agent knows.

  • The OAuth flow still exists. Anyone who isn't running an AI agent — or anyone who'd rather use Google sign-in — can keep using the existing /cli/auth browser flow. Agent-register is additive.

  • Rate-limited on four dimensions (IP, email, account UUID, install fingerprint) so a single misbehaving caller can't take the surface down.

One thing to know

The email is self-asserted, not verified. We've made the trade — the cost of an OAuth round-trip is bigger than the abuse risk on a free-tier key bounded by a fixed shared persona pool — but worth knowing if you're surfacing this as part of a customer onboarding flow. Per-key quotas and email verification are tracked for v2.

One side effect

If you re-register, in-flight jobs from the revoked key become unreachable — GET /v1/jobs/{job_id} is authorised by the key that created the job. Poll your outstanding jobs to completion before triggering a re-register if you want to keep the results.

Full reference is in the API docs, under CLI Auth.

---

About sixty seconds in the best case, two minutes in the worst, and a context-switch out of the terminal — for the developer in flow, mid-task, who just wanted to ask a quick research question.
A single POST now does the same job in five seconds.
We've made the trade — the cost of an OAuth round-trip is bigger than the abuse risk on a free-tier key bounded by a fixed shared persona pool.

Frequently Asked Questions

How does the new flow compare to the OAuth flow?

Approximately five seconds for agent-register versus 60–120 seconds for the existing OAuth flow. Agent-register replaces the local-listener, browser-redirect, and callback-parse steps with a single POST. Both flows continue to be supported.

What identity fields does the endpoint require?

Email address, Anthropic account UUID, and a per-install fingerprint — all of which Claude Code already stores in ~/.claude.json. The fingerprint is a SHA256-shaped opaque identifier stored plaintext server-side.

What happens if I re-register from the same install?

The prior agent-created free-tier key is revoked and a new one is minted. The response includes previous_key_revoked: true so the calling agent can act on the rotation. Note: in-flight jobs from the revoked key become unreachable — poll outstanding jobs to completion before triggering re-registration if you want to keep the results.

Is the OAuth flow being deprecated?

No. The OAuth flow remains available for users who aren't running an AI agent or who prefer Google sign-in. Agent-register is additive — the recommended path for AI agents specifically.

How is abuse prevented if email isn't verified?

Rate limits on four dimensions (IP, email, account UUID, install fingerprint) bound any single caller. The free-tier persona pool is itself a fixed shared resource (~12 personas), which acts as a natural blast-radius ceiling on any single key. Per-key quotas and email verification are tracked for v2.

About the Author

Phillip Gales

Phillip Gales

Phillip is a serial tech entrepreneur that specializes in applying AI and machine learning solutions to antiquated and heavy industries. He has been a senior leader or founder at a number of successful startups.

Phillip holds an MBA from Harvard Business School, an MEng from the University of Cambridge, and is a Y-Combinator alum

LinkedIn

More Releases

Sign in with Google

You can now sign in to FishDog with a Google account, in addition to email and password. Authenticated browser sessions also extend to thirty days, with both options refined through April.

Read Release

Draft a study from a one-line prompt

The overview chat now has a wand button. Type a one-line prompt — "we're losing Gen Z to Liquid Death" — and it drafts a complete editable study brief: objective, target panel, seven questions. About fifteen seconds.

Read Release