Skip to main content

Overview

The Agent Onboarding API lets AI agents (Claude, GPT, Cursor, etc.) create Ekso workspaces programmatically — the same outcome as a human filling out the sign-up form, but via a structured two-step API. No SaaS product has standardized agent-driven sign-up yet. Ekso is leading the way.

How it works

Agent onboarding is a two-step flow with email verification to prevent abuse:
1

Request verification code

The agent sends the user’s details (name, email, company, domain) to the code endpoint. Ekso validates the inputs and emails a 6-digit verification code to the user.
2

Verify and create workspace

The agent collects the code from the user and sends it along with the same details to the signup endpoint. Ekso verifies the code and creates the workspace.
After workspace creation, the human owner receives an email with a link to set their password. The agent receives the workspace details including the tenant ID, domain, and login URL.

Endpoints

Step 1: Send verification code

POST https://ekso.app/api/bo/on/agent/code
Content-Type: application/json

{
  "name": "Jane Smith",
  "email": "[email protected]",
  "company": "Acme Corp",
  "domain": "acme"
}
Success (200): 
{
  "message": "Verification code sent"
}

Step 2: Verify code and create workspace

POST https://ekso.app/api/bo/on/agent/signup
Content-Type: application/json

{
  "name": "Jane Smith",
  "email": "[email protected]",
  "company": "Acme Corp",
  "domain": "acme",
  "verificationCode": "482916"
}
Success (200): 
{
  "tenantId": "a1b2c3d4e5f6",
  "domain": "acme",
  "loginUrl": "https://acme.ekso.app",
  "message": "Workspace created successfully. A password reset email has been sent to [email protected]."
}

Validation rules

FieldRules
nameRequired, non-empty
emailRequired, valid email format
companyRequired, non-empty
domainRequired, 3-20 characters, lowercase alphanumeric and hyphens

Error codes

All errors return a structured response with a machine-readable code field: 
{
  "code": "DOMAIN_TAKEN",
  "message": "This domain is already in use"
}
HTTP StatusCodeDescription
409DOMAIN_TAKENThe requested domain is already in use
422DOMAIN_BLACKLISTEDThe domain is reserved or blacklisted
422DOMAIN_TOO_SHORTDomain must be at least 3 characters
422DOMAIN_TOO_LONGDomain must be at most 20 characters
422INVALID_VERIFICATION_CODEThe verification code is incorrect or already used
422VERIFICATION_CODE_EXPIREDThe verification code has expired (codes are valid for 10 minutes)
429Rate limit exceeded (5 requests per 5 minutes per IP)

Rate limits

Both endpoints share a rate limit of 5 requests per 5 minutes per IP address. Additionally, verification codes cannot be re-requested for the same email within 2 minutes.

Example agent conversation

Here’s how an AI agent might guide a user through workspace creation: 
Agent: I'll create an Ekso workspace for you. What's your name, email,
       company name, and preferred subdomain?

User:  Jane Smith, [email protected], Acme Corp, and "acme" for the domain.

Agent: [Calls POST /api/bo/on/agent/code]
       I've sent a verification code to [email protected].
       Please check your email and share the 6-digit code.

User:  The code is 482916.

Agent: [Calls POST /api/bo/on/agent/signup with verificationCode: "482916"]
       Your Ekso workspace is ready at https://acme.ekso.app.
       Check your email for a link to set your password.

Discovery

Agents can discover the onboarding API through:
  • llms.txthttps://ekso.app/llms.txt
  • A2A Agent Cardhttps://ekso.app/.well-known/agent-card.json
  • This documentationhttps://ekso.dev/guide/agent-onboarding