Getting Started
Add passkey login to your existing auth stack. No migration. No new user model.
Try it now — no account needed
Run this in any project. No dashboard, no credentials, no WebAuthn prompt:
npm install @trymellon/jsimport { TryMellon } from '@trymellon/js'
// sandbox: true — works instantly, no account required
const clientResult = TryMellon.create({
appId: 'sandbox',
publishableKey: 'sandbox',
sandbox: true,
})
if (!clientResult.ok) throw clientResult.error
const client = clientResult.value
const result = await client.signUp({ externalUserId: 'user_123' })
if (result.ok) console.log(result.value.sessionToken) // → 'trymellon_sandbox_token'When you’re ready for production, swap sandbox: true for real credentials.
Sandbox mode returns a fixed token instantly — no API calls, no WebAuthn ceremony, no HTTPS required. Full sandbox docs →
What TryMellon does (and doesn’t do)
| Does | Doesn’t |
|---|---|
| Handles the full WebAuthn browser flow | Create user sessions — your backend does |
Returns a sessionToken your backend validates | Replace your auth system — it plugs into it |
| Cross-device QR login out of the box | Store end users or passwords |
| Email OTP fallback when WebAuthn unavailable | Touch your existing user model |
Production setup (5 minutes)
1. Get credentials
Go to dashboard → Create app → Add your origin to Allowed origins → copy App ID and Client ID.
Dashboard → SDK config mapping: “App ID” =
appId(UUID). “Client ID” =publishableKey(starts withcli_). These are the only two values you need to initialize the SDK.
2. Initialize the client
import { TryMellon } from '@trymellon/js'
const clientResult = TryMellon.create({
appId: 'your-app-id', // UUID from dashboard
publishableKey: 'cli_xxxx', // Client ID from dashboard
})
if (!clientResult.ok) throw clientResult.error
const client = clientResult.value3. Register a passkey
const result = await client.signUp({ externalUserId: 'user_123' })
if (result.ok) {
// Send result.value.sessionToken to your backend
}4. Authenticate a returning user
const result = await client.signIn({ externalUserId: 'user_123' })
if (result.ok) {
// Send result.value.sessionToken to your backend
}5. Validate on your backend
// Your backend — Node.js / Express example
app.post('/api/auth/callback', async (req, res) => {
const { sessionToken } = req.body
const apiRes = await fetch('https://api.trymellonauth.com/v1/sessions/validate', {
headers: { Authorization: `Bearer ${sessionToken}` },
})
if (!apiRes.ok) return res.status(401).json({ error: 'Invalid session' })
const { data } = await apiRes.json()
// data.valid, data.external_user_id, data.tenant_id, data.app_id
if (data.valid) {
// Create your own session/cookie here
}
})Full backend patterns → Backend validation
Requirements
| Browser | Chrome, Safari, Firefox, Edge (WebAuthn support) |
| HTTPS | Required in production — localhost works for dev |
| Account | Free — create one here |
Next steps
| Sandbox mode | Build your UI before creating an account |
| Register & Authenticate | Full options and error handling |
| Backend validation | Validate session tokens server-side |
| Cross-device QR | Desktop → mobile login flow |
| API Reference | Complete SDK reference |