Skip to main content
Agent registration is in beta.
AI agents like Claude, Cursor, and OpenClaw can register themselves with your Migma account. The agent requests access, you approve it with a short code, and the agent receives its own scoped API key. You never create, copy, or paste a key.

Why use it

No key handling

The agent receives its own key directly. The secret never passes through chat, clipboards, or config files you manage by hand.

You approve every agent

Before any access is granted you see the agent’s name and exactly which permissions it asked for, then confirm with a code only you have.

Scoped access

The key carries only the permissions the agent requested, such as read-only access or sending. Nothing more.

Revoke anytime

Agent keys appear in Settings → API Integration next to your own keys. Delete one and the agent loses access immediately.
This works with any agent that can read a web page. Migma follows the auth.md convention, so agents discover and complete the whole flow on their own.

How it works

1

Your agent asks to connect

While working on your behalf, the agent registers with Migma and shows you a short code together with a link to migma.ai/claim.
2

You review and approve

Open the link, sign in (or create a free account), and enter the code. Migma shows the agent’s name and the permissions it requested before you confirm.
3

The agent picks up its key

Once you approve, the agent automatically receives a scoped API key and continues working. The key is shown to the agent exactly once.

For agents

Everything an agent needs is published at: 
https://api.migma.ai/auth.md
Machine-readable metadata is at https://api.migma.ai/.well-known/oauth-authorization-server. In short: 
# 1. Register intent for the user you act for
curl -X POST https://api.migma.ai/agent/identity \
  -H "Content-Type: application/json" \
  -d '{"type":"service_auth","login_hint":"user@example.com","agent_name":"Claude","scope":"audience:read campaign:read email:send"}'

# 2. Surface claim.user_code and claim.verification_uri_complete to the user

# 3. Poll until approved
curl -X POST https://api.migma.ai/oauth2/token \
  -H "Content-Type: application/json" \
  -d '{"grant_type":"urn:workos:agent-auth:grant-type:claim","claim_token":"<from step 1>"}'
The returned access_token is a standard Migma API key. Use it everywhere a key works: the REST API, the SDK, the CLI, and the MCP server, typically by setting MIGMA_API_KEY.

Security

  • Approval requires a signed-in Migma user entering a short-lived code. The email an agent mentions is display only and grants nothing by itself.
  • Requested scopes are capped to the standard API permissions and shown to you before approval.
  • Codes expire after ten minutes and a registration expires after one hour.
  • The key is delivered to the agent exactly once and is never shown again.
  • Revoke any agent key in Settings → API Integration.