Until this week, getting a FishDog free-tier key meant standing up a local HTTP listener, opening a browser, signing into Google, waiting for the callback, parsing the code. About sixty seconds in the best case, two minutes in the worst, and a context-switch out of the terminal — for the developer in flow, mid-task, who just wanted to ask a quick research question.
A single POST now does the same job in five seconds.
What's new
`POST /cli/auth/agent-register`. Send the identity fields Claude Code already keeps in
~/.claude.json— email, Anthropic account UUID, and a per-install fingerprint — and the endpoint returns a workingrk_free_*key. No browser, no OAuth callback, no manual paste.Re-registration is idempotent and clean. If you re-register from the same Claude install (cache wiped, machine reinstalled), the prior agent-created key is revoked and a fresh one minted. Response carries
previous_key_revoked: trueso the agent knows.The OAuth flow still exists. Anyone who isn't running an AI agent — or anyone who'd rather use Google sign-in — can keep using the existing
/cli/authbrowser flow. Agent-register is additive.Rate-limited on four dimensions (IP, email, account UUID, install fingerprint) so a single misbehaving caller can't take the surface down.
One thing to know
The email is self-asserted, not verified. We've made the trade — the cost of an OAuth round-trip is bigger than the abuse risk on a free-tier key bounded by a fixed shared persona pool — but worth knowing if you're surfacing this as part of a customer onboarding flow. Per-key quotas and email verification are tracked for v2.
One side effect
If you re-register, in-flight jobs from the revoked key become unreachable — GET /v1/jobs/{job_id} is authorised by the key that created the job. Poll your outstanding jobs to completion before triggering a re-register if you want to keep the results.
Full reference is in the API docs, under CLI Auth.
---