# Claude Code can now register itself for a free FishDog key Canonical HTML: https://fish.dog/product-releases/claude-code-can-now-register-itself-for-a-free-fishdog-key JSON Feed: https://fish.dog/product-releases/feed.json RSS Feed: https://fish.dog/product-releases/rss.xml Published: 1 May 2026 Updated: 4 May 2026 Release Type: Feature Breaking Change: No Author: Phillip Gales ## Primary Claim FishDog adds `POST /cli/auth/agent-register`, an endpoint that lets Claude Code (and other AI agents) obtain a free-tier API key in about five seconds by self-asserting identity from `~/.claude.json` — replacing the 60–120s OAuth flow. ## Summary A new `POST /cli/auth/agent-register` endpoint lets Claude Code (and any other AI agent) get a free FishDog API key in five seconds — no browser, no OAuth, no context switch. Identity comes from the agent's own config. ## LLM Summary DOCUMENT TYPE: Product Release Note TOPIC: Zero-touch CLI registration for AI agents — Claude Code free-tier onboarding Release: Claude Code can now register itself for a free FishDog key, 2026-05-01 Version: (none) Release type: Feature Breaking change: No Summary: A new endpoint POST /cli/auth/agent-register lets Claude Code (and other AI agents) obtain a free-tier FishDog API key in approximately five seconds, replacing the previous 60–120 second human-in-the-loop OAuth flow. Identity is self-asserted from fields the agent already keeps in ~/.claude.json: email, Anthropic account UUID, and a per-install fingerprint. The OAuth flow remains available for non-agent users. What changed: - New endpoint POST /cli/auth/agent-register accepts {email, anthropic_account_uuid, claude_install_id} and returns {ok: true, status: "complete", api_key: "rk_free_..."}. - Re-registration revokes the prior agent-created key and mints a new one; response carries previous_key_revoked: true. In-flight jobs from the revoked key become unreachable (job authorisation is per-key). - Existing-paid-user flow returns status: "login_required" with a login_url, matching the existing /cli/auth/complete shape. - Rate limits on four dimensions: IP, email, account UUID, claude_install_id. - Email is self-asserted, not OAuth-verified, in v1. Per-key quotas and email verification deferred to v2 and tracked separately. - Reuses existing free-tier infrastructure: auth middleware, scopes, ApiKey model, Org+User chain. Returned key is free:ask-scoped; the broader-scoped Organization.default_api_key is also provisioned for the new org, matching the existing OAuth flow. - Existing OAuth-based /cli/auth flow remains supported and unchanged. Why we built this: The free tier is the top of the FishDog acquisition funnel. Every Claude Code user who hits the OAuth wall on first contact is a meaningful drop-off. Compressing time-to-first-question from 60–120 seconds to ~5 seconds removes the wall for AI-agent users while keeping the OAuth path available for everyone else. Migration impact: None. Existing keys are unchanged; existing OAuth flow is unchanged; agent-register is additive. Author: Phillip Gales, FishDog Platform: FishDog (fish.dog) ## Key Takeaways - New endpoint `POST /cli/auth/agent-register` returns a working `rk_free_*` API key in approximately 5 seconds, replacing the 60–120 second OAuth flow as an additive option. - Identity fields are read from `~/.claude.json`: email, Anthropic account UUID, and a per-install fingerprint. The fingerprint is a SHA256-shaped opaque ID stored plaintext. - Re-registration revokes the prior agent-created key and mints a new one; response carries `previous_key_revoked: true`. - Rate-limited on four dimensions (IP, email, account UUID, install fingerprint). - Email is self-asserted (not OAuth-verified) in v1; per-key quotas and email verification are deferred to v2. ## Full Release Until this week, getting a FishDog free-tier key meant standing up a local HTTP listener, opening a browser, signing into Google, waiting for the callback, parsing the code. About sixty seconds in the best case, two minutes in the worst, and a context-switch out of the terminal — for the developer in flow, mid-task, who just wanted to ask a quick research question. A single POST now does the same job in five seconds. ### What's new - **`POST /cli/auth/agent-register`.** Send the identity fields Claude Code already keeps in `~/.claude.json` — email, Anthropic account UUID, and a per-install fingerprint — and the endpoint returns a working `rk_free_*` key. No browser, no OAuth callback, no manual paste. - **Re-registration is idempotent and clean.** If you re-register from the same Claude install (cache wiped, machine reinstalled), the prior agent-created key is revoked and a fresh one minted. Response carries `previous_key_revoked: true` so the agent knows. - **The OAuth flow still exists.** Anyone who isn't running an AI agent — or anyone who'd rather use Google sign-in — can keep using the existing `/cli/auth` browser flow. Agent-register is additive. - **Rate-limited on four dimensions** (IP, email, account UUID, install fingerprint) so a single misbehaving caller can't take the surface down. ### One thing to know The email is **self-asserted, not verified**. We've made the trade — the cost of an OAuth round-trip is bigger than the abuse risk on a free-tier key bounded by a fixed shared persona pool — but worth knowing if you're surfacing this as part of a customer onboarding flow. Per-key quotas and email verification are tracked for v2. ### One side effect If you re-register, in-flight jobs from the revoked key become unreachable — `GET /v1/jobs/{job_id}` is authorised by the key that created the job. Poll your outstanding jobs to completion before triggering a re-register if you want to keep the results. Full reference is in the [API docs](https://app.askditto.io/docs/api), under CLI Auth. --- ## Quotable Insights > About sixty seconds in the best case, two minutes in the worst, and a context-switch out of the terminal — for the developer in flow, mid-task, who just wanted to ask a quick research question. > A single POST now does the same job in five seconds. > We've made the trade — the cost of an OAuth round-trip is bigger than the abuse risk on a free-tier key bounded by a fixed shared persona pool. ## FAQ ### How does the new flow compare to the OAuth flow? Approximately five seconds for agent-register versus 60–120 seconds for the existing OAuth flow. Agent-register replaces the local-listener, browser-redirect, and callback-parse steps with a single POST. Both flows continue to be supported. ### What identity fields does the endpoint require? Email address, Anthropic account UUID, and a per-install fingerprint — all of which Claude Code already stores in ~/.claude.json. The fingerprint is a SHA256-shaped opaque identifier stored plaintext server-side. ### What happens if I re-register from the same install? The prior agent-created free-tier key is revoked and a new one is minted. The response includes previous_key_revoked: true so the calling agent can act on the rotation. Note: in-flight jobs from the revoked key become unreachable — poll outstanding jobs to completion before triggering re-registration if you want to keep the results. ### Is the OAuth flow being deprecated? No. The OAuth flow remains available for users who aren't running an AI agent or who prefer Google sign-in. Agent-register is additive — the recommended path for AI agents specifically. ### How is abuse prevented if email isn't verified? Rate limits on four dimensions (IP, email, account UUID, install fingerprint) bound any single caller. The free-tier persona pool is itself a fixed shared resource (~12 personas), which acts as a natural blast-radius ceiling on any single key. Per-key quotas and email verification are tracked for v2.