Sign up and sign in

Create a caputchin account and start managing site keys. The conceptual reference for what's happening behind the scenes is account-login.

Sign up (first time)

There is no separate "sign up" step. Signing in for the first time with a given email creates the account.

  1. Go to https://app.caputchin.com/login (or /login on whichever host you're running).
  2. Pick one of:
    • Email a sign-in link — enter your email, click the button, wait for the email. Click the link inside it within 15 minutes.
    • Continue with GitHub — consent to the GitHub OAuth prompt. We read your primary verified email and nothing else.
    • Continue with Google — consent to the Google OAuth prompt. We read your verified email and nothing else.
  3. You land in the dashboard at /app. Your account exists.

Sign in (returning)

Same three paths. We match you by email: whichever path you used the first time, any of the three works for subsequent sign-ins as long as the email matches.

Mint a site key

  1. From the dashboard, navigate to Sites.
  2. Click New site.
  3. Enter a friendly name and (optionally) a domain allowlist.
  4. The platform returns a cpt_pub_* public key and a cpt_sec_* secret. The secret is shown once. Copy it now; you can rotate it later but you can't recover the original.

Use the public key in the widget sitekey attribute and the secret in your backend's /siteverify call — see guides/integrate-widget and guides/verify-server-side.

Sign out

Click Sign out in the dashboard sidebar. The browser's session cookie is cleared and the corresponding session row in our database is deleted — the cookie is dead immediately on the next request, not at some TTL boundary.

Mint a Personal Access Token (for OpenAPI / MCP / Terraform)

Once signed in:

  1. Navigate to Tokens.
  2. Click New token, name it (e.g. ci-deploy, terraform-prod), and click create.
  3. The platform returns a cpt_pat_* value. Shown once. Copy it into your CI secrets / .envrc / Terraform caputchin_provider config.

Authenticate non-UI traffic with Authorization: Bearer cpt_pat_*. See management-api for the surface that accepts it.
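
Because the cpt_sec_* secret and the cpt_pat_* token are each shown once and then live in CI secrets, .envrc files or Terraform config, a pre-commit or CI check that catches them in tracked files is useful. This is an added example, not caputchin's own code: it flags both prefixes and ignores cpt_pub_*. The token body pattern, the CAPUTCHIN_SECRET variable name and the sample values are assumptions constructed for illustration.

```python
import re
import sys

# Prefixes come from this page. The token body alphabet and minimum length
# are assumptions; the page does not specify them.
TOKEN_RE = re.compile(r"\bcpt_(pub|sec|pat)_([A-Za-z0-9_-]{16,})")

# cpt_pub_* is meant to be public (widget sitekey); the other two are not.
SENSITIVE = {"sec": "site secret", "pat": "personal access token"}

# Constructed sample input, not real credentials.
SAMPLE = """\
sitekey="cpt_pub_EXAMPLEexample0000001111"
CAPUTCHIN_SECRET=cpt_sec_EXAMPLEexample0000002222
Authorization: Bearer cpt_pat_EXAMPLEexample0000003333
"""


def redact(token):
    """Keep the 8-character prefix and last 4 characters, mask the rest."""
    prefix, body = token[:8], token[8:]
    return prefix + "*" * (len(body) - 4) + body[-4:]


def scan(text, source="<input>"):
    """Return one finding per cpt_sec_* / cpt_pat_* value in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in TOKEN_RE.finditer(line):
            kind = match.group(1)
            if kind in SENSITIVE:
                findings.append({
                    "source": source,
                    "line": lineno,
                    "kind": SENSITIVE[kind],
                    "value": redact(match.group(0)),  # never log the raw value
                })
    return findings


if __name__ == "__main__":
    # With file arguments, scan those files; with none, scan the sample.
    inputs = [(p, open(p, encoding="utf-8", errors="replace").read())
              for p in sys.argv[1:]] or [("<sample>", SAMPLE)]
    found = [f for src, text in inputs for f in scan(text, src)]
    for f in found:
        print(f"{f['source']}:{f['line']}: {f['kind']} {f['value']}")
    sys.exit(1 if found else 0)
```

Run it with file paths as arguments from a pre-commit hook; a non-zero exit means a secret or token was found and the commit should be blocked.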

Troubleshooting

| Symptom | Likely cause | Fix |
| --- | --- | --- |
| "Email me a sign-in link" succeeds but no email arrives | Spam folder, or the email address is mistyped | Check spam; wait 60 seconds (rate-limit) then retry with the corrected address |
| "That sign-in link has expired" | Clicked > 15 minutes after we sent it | Request a fresh link |
| "That sign-in link has already been used" | You clicked it on phone, then again on laptop | Request a fresh link; single-use is intentional |
| "Your provider account doesn't have a verified email" | GitHub/Google primary email isn't verified on the provider side | Verify it with the provider, OR use a magic-link to the same address |
| "This provider account is already linked to a different caputchin account" | The same GitHub/Google account was previously used to sign in under a different email | Sign in with the original email; we don't silently re-bind providers |
| Locked out: lost access to my email | Out-of-band recovery only at MVP | Contact support |

What's intentionally absent

  • No password to set or remember.
  • No "remember this device" / persistent cookie option distinct from the default 30-day rolling session.
  • No multi-user account model. One account = one email = one user at MVP.
  • No SSO / SAML / SCIM at MVP. Deferred to Enterprise — see roadmap.