AliasKit
← Blog

Testing Agent Signup Flows with AliasKit

Use real inboxes and Playwright to test human-style signups, then graduate to token-based agent auth when your product supports it.

Apr 6, 2026·AliasKit Team·3 min read
testingplaywrighttutorial

Most signup flows assume fingers on a keyboard: an email arrives, a human copies a code, a session cookie appears. Autonomous agents break that assumption—but your production users still experience the same UX, so your tests should exercise the real path.

AliasKit gives each test run a real email address (and optionally SMS) tied to an identity you control via API. Pair that with Playwright (or any browser driver) and you can automate OTP capture without mocking your provider.

Why not mock everything?

Mocks hide integration bugs: wrong from: filters, HTML templates that break parsers, rate limits, and slow delivery. A thin layer of real infrastructure catches those before customers do.

Flow at a glance

  1. Create an identity with an email address on a domain you control (for example aliaskit.com on the hosted product).
  2. Drive the browser through your signup UI using that address.
  3. Poll AliasKit’s email API (or use waitForCode) until the verification message arrives.
  4. Complete the flow and assert the expected logged-in state.

Install dependencies

npm install aliaskit playwright
npx playwright install

Example: Node test script

import { AliasKit } from 'aliaskit'
import { chromium } from 'playwright'

const ak = new AliasKit({ apiKey: process.env.ALIASKIT_API_KEY! })

async function main() {
  const identity = await ak.identities.create({
    name: 'E2E Agent',
    emailDomain: 'aliaskit.com',
  })

  const browser = await chromium.launch()
  const page = await browser.newPage()
  await page.goto('https://your-app.com/signup')
  await page.fill('[name="email"]', identity.email!)
  await page.click('button[type="submit"]')

  const code = await ak.emails.waitForCode(identity.id, {
    timeoutMs: 120_000,
    subjectIncludes: 'Verify',
  })

  await page.fill('[name="code"]', code)
  await page.click('button[type="submit"]')
  await page.waitForURL('**/dashboard**')

  await browser.close()
  await ak.identities.delete(identity.id)
}

main().catch(console.error)

CI tips

  • Secrets: Store ALIASKIT_API_KEY in CI secrets; use a dedicated low-scope key for tests.
  • Timeouts: Email can lag—prefer waitForCode over single-shot GETs in flaky environments.
  • Cleanup: Delete identities after tests to stay within plan limits.
  • Parallelism: Give each worker its own identity so inboxes never collide.

After signup: agent-native auth

Once your service trusts AliasKit-issued Agent Identity Tokens, agents can authenticate without repeating human OTP flows for every session. That is the bridge between “browser automation today” and “machine-to-machine tomorrow,” which we discuss in Why AI agents need their own identity.

Related posts

# Quick sanity check against the live API (use www host in production)
curl -s https://www.aliaskit.com/api/v1/identities \
  -H "Authorization: Bearer $ALIASKIT_API_KEY"

If this helped, the fastest next step is our docs quickstart—same primitives, production-ready patterns.