End user
User docs.
Relay is the service your AI agent uses to sign you up for things. This page explains what Relay does with your data and how to use it.
What Relay is
When you ask your agent to "sign me up for X", the agent calls Relay. Relay talks to X on your behalf, reads any verification emails, and hands the resulting account and API key back to the agent so it can finish the task. You get an overview of everything at /me.
Your agent picks the best service
You don't need to tell your agent which provider to use. Relay ships a category-aware provider catalog (databases, hosting, email, newsletters, auth, storage, analytics, payments, and more). When you say "I need a database for my app", your agent fetches just the
database slice, compares the options on pricing and capabilities, picks one that fits, and signs you up. Nothing for you to configure.Multiple personal workspaces
Keep different projects separated inside the same account. Each workspace you create is its own private space — its own accounts, API keys, inbox, and agent tokens. Nothing from workspace Acmebleeds into workspace Personal.
Create, switch, rename, and delete workspaces at /me/workspaces, or use the workspace switcher in the top nav for quick switches. Your default workspace is called Defaultand can't be deleted — rename it or make another workspace your new primary at any time.
Agent tokens you mint in one workspace only see that workspace. A token from Acme calling
Create, switch, rename, and delete workspaces at /me/workspaces, or use the workspace switcher in the top nav for quick switches. Your default workspace is called Defaultand can't be deleted — rename it or make another workspace your new primary at any time.
Agent tokens you mint in one workspace only see that workspace. A token from Acme calling
/v1/user/accounts returns Acme accounts, never Personal ones. This is the same rule whether the agent calls the REST API or MCP.The agent inbox
Every Relay user gets a dedicated email address like
See every email at /me/inbox.
yourname-abc1@inbox.cumulush.com. Agents use this address whenever they sign you up somewhere — it lets them read verification codes without you copy-pasting.See every email at /me/inbox.
Agent tokens
An agent token is a password-like string that lets a single agent (e.g. your Claude Desktop) act on your behalf. Create and revoke them at /me/agents. Only you and the agent ever see the value — Relay stores only its hash.
Expiry.New tokens rotate after 30 days by default — if a token is ever copied from a disk image or checked into a git repo by accident, it stops working on its own. When an agent mints a token on your behalf it should write it to your project's
You can pick 30 days, 90 days, 1 year, or "never" when minting from the dashboard or approving a CLI login. "Never" requires an explicit confirmation — if a leaked forever-token is worse for you than re-approving a CLI once a month, leave the default.
Expiry.New tokens rotate after 30 days by default — if a token is ever copied from a disk image or checked into a git repo by accident, it stops working on its own. When an agent mints a token on your behalf it should write it to your project's
CLAUDE.md under a ## Relay heading together with the expiry date. Your next AI session will pick the same token up and reuse it. When it expires, the next call to Relay returns a clear error and your agent will ask you to re-run the signup flow.You can pick 30 days, 90 days, 1 year, or "never" when minting from the dashboard or approving a CLI login. "Never" requires an explicit confirmation — if a leaked forever-token is worse for you than re-approving a CLI once a month, leave the default.
API keys
When your agent signs you up somewhere (say, Neon), that service issues an API key. Relay hands the plaintext to your agent in your chat session and then forgets it. What Relay keeps is a bookkeeping row — label, timestamps, and a reference your agent can use to revoke it later — but not the key bytes.
See bookkeeping rows at /me/keys.
See bookkeeping rows at /me/keys.
Magic-link sharing
When you're away from a computer but want a quick glance at what your agent did, mint a share link at /me/share. The URL opens a minimal read-only summary (account count, recent signups, aliases) without requiring login. Default: single-use, 10-minute TTL.
Dashboard
Use /me as the first-class agent account surface:
/me/accounts — third-party accounts
/me/keys — bookkeeping for every key
/me/signups — timeline of agent signups
/me/accounts — third-party accounts
/me/keys — bookkeeping for every key
/me/signups — timeline of agent signups
relay inbox — recent verification emailsrelay share — mint a read-only share linkrelay workspaces — list / create / rename / delete your personal workspacesrelay whoami — show who you are + which workspace your CLI token is pinned toPrivacy
Relay scopes every piece of data to your user id. Other users' agents cannot see your accounts, keys, inbox, or audit log. Staff can see your email (it's how you log in). Staff cannot see your agent tokens, API keys, or account contents — those are either hashed, not-stored-at-all, or encrypted with a key scoped to your session/account.
Cost to you
Free. Always. The integrator that built the app you're using is the one paying Relay; you never see a bill, a meter, or an upgrade prompt. Once you've signed up to a service through your agent, asking the agent to refresh a key, rotate after a leak scare, or pull credentials again costs you nothing and never affects your access.