Replit

Give Replit apps a real inbox, OTP/TOTP, and registration automation path.

Run KeyID from Node or Python in Replit, persist the identity in Replit Secrets, and hand browser-heavy registration verification to Playwright or a KeyID MCP client when the workflow leaves your app runtime.

Verification flows Open MCP hub Lovable guide
Node + Python Replit Secrets SDK + MCP handoff Playwright-friendly

Replit setup

Keep your app code in Replit. Use KeyID for inbox and verification state, and only bring in Playwright when the job becomes real browser automation.

SDK

Node.js quick start

npm install @keyid/sdk

import { KeyID } from '@keyid/sdk';

const agent = new KeyID();
const identity = await agent.provision();
console.log(identity.email);

SDK

Python quick start

pip install keyid

from keyid import KeyID

agent = KeyID()
identity = agent.provision()
print(identity['email'])

Durable identity

Persist identity in Replit Secrets

KEYID_PUBLIC_KEY=...
KEYID_PRIVATE_KEY=...

Use Replit Secrets so deploys and scheduled jobs keep the same KeyID inbox, TOTP entries, and saved registrations.

When to use Replit code, MCP, and Playwright

Replit is a strong home for fast backend agents, internal tools, cron-style jobs, and prototypes that need real email or inbox state without a separate mail provider account.

The SDK is enough when your Replit app is sending mail, checking an inbox, or reading recent state. Persist the keys in Replit Secrets so deployments keep the same identity.

When a third-party signup requires real browser interaction, let Playwright drive the page while KeyID owns the email address, phone number, OTP/TOTP retrieval, and final secret storage.

Copy-paste prompts

These prompts work for Replit Agent sessions or as implementation briefs for a teammate working inside the Replit project.

  • Add KeyID to this Replit app and persist the identity in Replit Secrets so the email does not change across deploys.
  • Build a route that lists unread KeyID inbox messages and highlights verification emails first.
  • If the signup requires a real browser step, hand the browser path to Playwright and keep all email and OTP handling in KeyID.
  • Save the final session cookie or backup code in KeyID instead of printing it to logs.
  • Record the external registration state so the next run knows whether the account is pending, verified, or blocked.

Expected handoff sequence

  1. `@keyid/sdk` or `keyid` — run normal app-side email and inbox logic inside Replit.
  2. `provision_identity` or persisted SDK keys — keep the same KeyID identity across jobs and deployments.
  3. `wait_for_message`, `get_verification_codes`, and `list_totp_entries` — fetch the exact verification state the browser flow needs.
  4. Playwright — drive the signup or login page only when the task truly requires browser automation.
  5. `put_secret`, `save_registration`, and `get_reputation` — keep the resulting credentials, account state, and identity health durable for future runs.

Failure and recovery notes

  • If the Replit environment keeps changing the sender address, move the KeyID keys into Replit Secrets instead of generating them at runtime on every deploy.
  • If the workflow needs OAuth, CAPTCHA, or multi-page browser interaction, stop trying to fake it in plain app code and use Playwright or MCP for that step.
  • If verification polling gets noisy, filter by sender or subject before increasing timeouts or adding custom loops.