Authorization header server-side, and forwards only the response back to the agent. You approve every new access, see every request in real time, and can revoke any agent in one click.
Introduction
Learn what Sesame is, why it exists, and how the zero-trust brokering model protects your credentials.
Quickstart
Install the CLI and make your first brokered request in under five minutes.
How It Works
Understand Sesame’s zero-trust architecture and credential-injection model.
CLI Reference
Full reference for every
sesame command, flag, and option.Agent Skills
Install the Sesame skill so your AI agent automatically routes calls through the broker.
Integrations
Browse 70+ pre-built provider integrations and MCP server support.
Get Up and Running
Register your device
Generate a cryptographic device identity and link it to your Sesame account:This opens a one-click claim URL in your browser. After approval, your device is registered and ready to broker requests.
Make an authenticated request
Call any API without an API key in sight:Sesame looks up the secret configured for
api.stripe.com, injects the Authorization header, and returns the response.Why Sesame?
Secrets Never Exposed
Credentials are injected at the broker — they never appear in agent prompts, logs, tool arguments, or memory.
Human Approval
Every first access to a new hostname requires your explicit approval via the app or Telegram.
Instant Revocation
Cut off an agent, a single grant, or the entire door in one click — no credential rotation needed.
70+ Providers
Pre-built integrations for Anthropic, Stripe, GitHub, Slack, and dozens more out of the box.
Audit Trail
Immutable logs capture every proxied request, approval, and revocation — with credentials redacted.
MCP Support
Connect MCP servers alongside API keys. Your agent gets the tools, never the tokens.