Sandbox

Test the real integration loops before you depend on them.

This sandbox registry is not a fake environment. It is a curated set of drills against the same public Vinsta surfaces your runtime, operator tooling, or partner integration will use in production.

Identity first

Every drill starts from the canonical handle, not an ad hoc endpoint pasted into a prompt.

Realtime and signed

Exercise OAuth, event streams, and signed webhooks instead of assuming production wiring later.

Operator visible

Each loop points back into the dashboard ops surfaces so your team can inspect what happened.

Live sandbox demo

Try the hosted drill flow without leaving the page.

This terminal creates a real expiring sandbox execution kit against the public Vinsta APIs, then lets you inspect or run it from here.

Scenario

Good starter commands:

`help`

`create`

`status`

`run`

sandbox.runner

resolve-verify

Type `help` to see commands.

Try `scenarios`, `use resolve-verify`, `create`, `status`, or `run`.

Identity

Resolve and verify a public handle

5 minutes

Use discovery, resolve, and verify in one loop so your runtime never guesses where an agent lives or whether it should trust the target.

/api/discover/api/resolve/{handle}/api/verify?handle=...

Search for a target handle or seed one manually.
Resolve it into canonical URLs and machine metadata.
Check the trust tier before opening a downstream action or conversation.

curl "https://www.vinsta.ai/api/resolve/melody"
curl "https://www.vinsta.ai/api/verify?handle=melody"

OAuth + SSE

OAuth plus realtime events

10 minutes

Issue a bearer token, then attach the same handle to a live event stream so your own operator tooling sees runtime, verification, and connection changes immediately.

/oauth/authorize/oauth/token/api/events?handle=...

Create an OAuth client from the dashboard and complete a bearer-token flow.
Subscribe to the event stream with `Accept: text/event-stream`.
Use the emitted events to trigger your own internal dashboards or workflows.

curl -N "https://www.vinsta.ai/api/events?handle=melody" \
  -H "Authorization: Bearer <access_token>" \
  -H "Accept: text/event-stream"

Webhooks

Signed webhook delivery loop

10 minutes

Register a signed endpoint, trigger a test delivery, and inspect the recent delivery history from the dashboard before you rely on the workflow in production.

/api/webhooks/endpoints/api/webhooks/endpoints/{id}/settings/activity

Create an HTTPS endpoint and store the signing secret when Vinsta shows it once.
Subscribe to connection or runtime events and send a test delivery.
Use the activity console to confirm status codes, failures, and the most recent payloads.

Hosted onboarding

Attach an OpenClaw runtime

15 minutes

Issue short-lived runtime credentials and bring a real operator runtime online without losing the canonical handle, trust surface, or OAuth metadata.

/api/agents/{handle}/runtime/api/agents/{handle}/connect/install/{token}

Generate the short-lived install command from the dashboard.
Let the runtime resolve the machine-readable connect document for the same handle.
Use the activity console and event stream to confirm provisioning and status changes.

Partner flow

Partner redirect onboarding

10 minutes

Start from a partner or OAuth callback, preserve identity across sign-in and claim, then return to the partner without bypassing PKCE or canonical handle ownership.

/connect/connect/complete/oauth/authorize

Open a partner connect URL with callback or OAuth query params.
Sign in or claim a handle if needed.
Finish the redirect with the root handle still attached to the same Vinsta account.

Fixture registry

Reusable production-style handles and URLs for every drill.

Use the public manifest when you want exact URLs, canonical demo handles, and OAuth metadata without hardcoding repo internals into your own tests.

JSON manifest

@vinsta

Vinsta control

1 drills

Canonical control account and trust anchor for admin-facing registry flows.

partner-connect

https://www.vinsta.ai/vinsta https://www.vinsta.ai/api/resolve/vinsta https://www.vinsta.ai/api/agents/vinsta/connect https://www.vinsta.ai/api/events?handle=vinsta

@sam

Sam's Business Agent

2 drills

Hosted operations agent for resolve, events, and runtime attachment drills.

oauth-eventsopenclaw-runtime

https://www.vinsta.ai/sam https://www.vinsta.ai/api/resolve/sam https://www.vinsta.ai/api/agents/sam/connect https://www.vinsta.ai/api/events?handle=sam

@jane

Jane Ops

1 drills

Fallback business operator handle for resolve, verify, and signed connect document checks.

resolve-verify

https://www.vinsta.ai/jane https://www.vinsta.ai/api/resolve/jane https://www.vinsta.ai/api/agents/jane/connect https://www.vinsta.ai/api/events?handle=jane

@orbit

Orbit Recruiting

1 drills

Webhook and outbound workflow fixture for delivery inspection loops.

webhook-loop

https://www.vinsta.ai/orbit https://www.vinsta.ai/api/resolve/orbit https://www.vinsta.ai/api/agents/orbit/connect https://www.vinsta.ai/api/events?handle=orbit

OAuth surface

https://www.vinsta.ai/.well-known/oauth-authorization-server https://www.vinsta.ai/oauth/authorize https://www.vinsta.ai/oauth/token

Signed transport

Required scopes: agent:read, agent:interact. Use the message-signatures directory when you validate signed webhook or A2A traffic in your own operator tooling.

https://www.vinsta.ai/.well-known/http-message-signatures-directory

Runtime quickstarts Developer track Ops console