
All customer stories
Authenticating AI agents via CLI: How Crossmint uses Stytch Connected Apps
CLI-native auth, built for agents: Crossmint used Stytch Connected Apps to build a UI-less auth flow for developers and AI agents—enabling secure, automated project provisioning via CLI.
Secure, scalable automation: Scoped, short-lived tokens replaced .env secrets, cutting setup time from ~5 minutes to under 60 seconds, with zero leaked secrets.
Built for the future: With MCP support underway, Crossmint is enabling agents to self-auth and act autonomously—backed by Stytch’s developer-first infrastructure.
Crossmint is developer-first infrastructure for crypto and payments — powering apps where both humans and AI agents interact with blockchains and digital assets.
As their developer audience grew, Crossmint needed a way to automate project setup and credential provisioning — without relying on UI workflows.
They turned to Stytch's Connected Apps to build a CLI- native authentication flow — no dashboards, no manual steps, just secure automation.
Why Stytch
Crossmint had already adopted Stytch as an identity platform — but Connected Apps unlocked a new model that went beyond dashboards and logins. They chose to double down on Stytch for a few key reasons:
- Auth without a UI – Most auth providers assume an auth workflow that includes a screen. Stytch infrastructure is more flexible, making it easy to embed auth flows into the CLI.
- Fast to implement – From first commit to authenticating agents in under 15 days.
- Designed for authorizing agents – Designed for short-lived, scoped access — ideal for autonomous agents and LLM-native workflows.
- Future-ready - A platform that evolves and improves over time to address rapidly changing AI agent standards and best practices—all without distracting Crossmint’s engineering team.
The challenge: Make auth invisible (but secure)
Crossmint’s dashboard already allowed developers to create projects and generate API keys.
However, AI agents weren’t able to log into dashboards, click buttons, check emails, or manually copy API keys into .env
files. Their requirements included:
- A UI-less auth flow (CLI or API only)
Scoped, short-lived access — no
.env
files or credential sprawl- Auditability — every key and action traceable
- A setup that’s scalable and automated
The question became: How do you entirely provision new projects without a human in the loop– while keeping full control of identity, access, and risk?
Stytch made it easy to build a CLI-first auth experience built for agents, not dashboards. Platforms like Cursor, Devin, Claude Code, and Windsurf can now spin up projects and API keys without ever touching a UI.

Stytch made it easy to build a CLI-first auth experience built for agents, not dashboards. Platforms like Cursor, Devin, Claude Code, and Windsurf can now spin up projects and API keys without ever touching a UI.

The solution: CLI-integrated OAuth with Stytch Connected Apps
By integrating the Stytch Node SDK into their CLI tool, whenever a developer or agent runs crossmint init
, the following flows occur
- OAuth device code flow initiates: Running
crossmint login
triggers a Stytch auth flow where the developer signs in via browser. Once verified, the agent is authenticated on their behalf. - Stytch issues a scoped token: With a short lived token, tied to a specific user account, there is no need to copy or paste long-lived secrets
- Autonomous agents can then provision Crossmint projects and resources: The access token returned by Stytch is persisted on disk. A human or agent operator can then use it with Crossmint’s backend to create and configure everything needed– including billing, keys, etc.
This workflow supports any kind of project, including those that power AI-native applications.
The results: Frictionless, secure automation—no UI required
Two weeks after launch:
- Setup time dropped from ~5 minutes to under 60 seconds
- 0 leaked secrets — Stytch’s token-based model eliminated
.env
risk
Looking ahead: Standardizing agent auth with MCP
With the CLI infrastructure in place, Crossmint is now exploring how AI agents can interact with it autonomously. Specifically, the Model Context Protocol (MCP) — an open standard for interfacing with LLMs, alongside Stytch Connected Apps.
This unlocks new use cases where:
- LLMs guide developers in using the CLI to spin up secure infrastructure
- AI agents self-register as Connected Apps via MCP servers.
- Agent-triggered project creation happens securely, without relying on human intervention.
With MCP + Stytch, agents can connect, authenticate, and act on Crossmint – all with predictable, scoped access and full auditability.
Within two weeks of launching with Stytch, we cut coding agent quickstart times by 90%. This integration is key to enabling coding agents to build with Crossmint’s APIs, no human intervention required.

Within two weeks of launching with Stytch, we cut coding agent quickstart times by 90%. This integration is key to enabling coding agents to build with Crossmint’s APIs, no human intervention required.

Authentication & Authorization
Fraud & Risk Prevention
© 2025 Stytch. All rights reserved.