⚠️ Research Preview — Deli is in active development and has not undergone a third-party security audit. Do not store production API keys with spending authority. Use test keys or keys with low rate limits while we harden the platform.

Your agents need API access.

Deli handles the credentials.

Store API keys in an encrypted vault, grant scoped access via OAuth, and proxy calls to OpenAI, Anthropic, Stripe, and GitHub — without exposing raw keys.

Create AccountRead the Docs

One Platform, Three Actors

👤

Users

Store your API keys securely. Grant scoped access to platforms. Revoke anytime. Your keys, your control.

🛠

Developers

Integrate OAuth 2.0 with PKCE. Proxy API calls through Deli. Never touch user credentials.

🤖

Agents

Authenticate via client credentials. Get short-lived tokens. Make proxied API calls with full audit trail.

Agent setup in 60 seconds

# Install the CLI
$ npm install -g withdeli-cli
 
# Start a local proxy — agents use placeholder tokens
$ deli serve --allow openai,anthropic
Listening on: http://localhost:7777
OPENAI_API_KEY=DELI_PROXY_a3f9c2b1...
✓ Real credentials never leave this machine unencrypted
 
# Share a credential — time-limited, audited
$ deli share openai --expires 1h --one-time
Share URL: https://withdeli.com/share/abc123...
Expires: 1h · One-time use
✓ Revoke anytime from your dashboard

What's Built Today

Deli's core infrastructure is live and deployed. Here's what you can use right now, and what's on the way.

Live
🔐

Encrypted Vault

API keys are encrypted with AES-256-GCM at rest. Decrypted only in-memory during proxy forwarding. Never logged, never exposed.

Live
🔑

OAuth 2.0 + PKCE

Full authorization server with consent screens, authorization codes, refresh tokens, and token revocation. RFC 6749, 7636, 7009, and 8414 compliant.

Live
🔀

API Proxy

Route requests to OpenAI, Anthropic, Stripe, and GitHub through Deli. We inject credentials server-side, you get responses.

Live
📋

Scoped Access & Audit Trail

Fine-grained permission model. Every proxied request is logged with service, endpoint, status code, and response time.

Live
🔗

Credential Shares

Generate time-limited shareable links for stored credentials. One-time-use, password-protected, or open. Full audit trail on access.

Live
🖥

Local Proxy (deli serve)

Run a local HTTP proxy. Agents use placeholder tokens — real credentials are injected only for allowlisted hosts. No cloud required for local development.

Live
📦

CLI & SDK

withdeli-cli on npm for agent auth from the terminal. @deli/sdk for TypeScript with PKCE, service helpers, and Express/Next.js integrations.

Soon

On-Chain Identity & x402 Payments

Link Ethereum addresses to agents via ERC-8004. Per-call crypto payments for proxied API calls. Infrastructure is built — activation is coming.

Roadmap

Where we are and where we're headed.

Shipped
Coming Soon
Planned
OAuth 2.0 authorization server with PKCE enforcement
Full OAuth E2E flow: authorize → consent → code → token exchange
AES-256-GCM encrypted API key vault with per-account key derivation
API proxy for OpenAI, Anthropic, Stripe, GitHub
Developer portal with app management and analytics
User portal with key storage, authorizations, and activity
Agent authentication via client_credentials
@deli/sdk with OAuth client, PKCE, and service-specific helpers
Row-level security (RLS) on credential tables
Security audit logging for credential access
Webhook configuration and HMAC SHA-256 signatures
Tiered rate limiting (auth, general, proxy, token)
Full API documentation with 40+ endpoints
Portal route protection (dev/user session enforcement)
Credential shares — time-limited, scoped access tokens with expiry, one-time-use, and password protection
deli serve — local HTTP proxy with placeholder token injection and host allowlist enforcement
Credit-based billing with Stripe (buy credits, pay per proxy call)
Usage metering — per-token cost tracking across all providers
x402 per-call cryptocurrency payments
On-chain agent identity via ERC-8004
Team management and role-based access
Enterprise SSO integration
Spending controls and budget limits per app/agent
Additional API providers beyond the initial four
Multi-chain support for on-chain identity
Onboarding email sequences for new developers
Full Roadmap →

How It Works

For Users

1
Create an account
Sign up at withdeli.com — email or Google
2
Store your API keys
Add your OpenAI, Anthropic, Stripe, or GitHub keys to the encrypted vault
3
Authorize apps
When a Deli-powered app requests access, review the scopes and approve
4
Stay in control
View activity logs, revoke access anytime, and manage everything from your dashboard

For Developers

1
Register a developer account
Sign up and create your first app in the developer portal
2
Add Deli OAuth to your app
Use @deli/sdk to add "Login with Deli" — users authorize access to their stored keys
3
Proxy API calls through Deli
Your app makes requests to Deli's proxy. We inject the user's credentials server-side.
4
Ship without key management
No key storage, no token costs to eat, no credential rotation headaches. Deli handles it.

Ready to get started?

Store your keys securely, or integrate Deli OAuth into your app. Either way, you're up in minutes.


I'm a UserI'm a DeveloperRead the Docs