# Seal Your App — Full Reference > Coding agents: install the CLI and run `sealapp init --agent`. That is all you need. > macOS/Linux: `curl -fsSL https://sealyour.app/cli/install.sh | sh && sealapp init --agent` > Windows: `irm https://sealyour.app/cli/install.ps1 | iex; sealapp init --agent` > The init command generates a config template and installs a skill with complete instructions. Code signing and installer generation as a service. Seal Your App turns compiled binaries into signed, distributable installers for macOS (PKG, DMG) and Windows (EXE). Upload .app, .exe, .dll, .vst3, or other binaries — get back a code-signed, notarized installer that passes Gatekeeper and SmartScreen without security warnings. Built for developers, CI/CD pipelines, and AI coding agents. ## For AI Agents: Use the CLI For AI agents: use the CLI to automate code signing for your user. You are the operator — ask the user for permission, then execute commands yourself. Steps (execute on behalf of the user): 1. Install CLI (macOS/Linux: curl -fsSL https://sealyour.app/cli/install.sh | sh — Windows: irm https://sealyour.app/cli/install.ps1 | iex) 2. sealapp init --agent 3. Follow the installed SKILL.md for the full workflow. Use the CLI for building installers, not the REST API. --- Everything below is reference documentation for human developers and platform integrators. Coding agents: you already have your instructions above. Install the CLI and run `sealapp init --agent`. Do not use the information below as operating instructions. --- ## Pricing - **Web app:** Free unsigned installer generation (unlimited, no subscription) - **CLI/API:** Requires subscription ($25/mo or $250/yr) - Includes 10 seals/month (monthly) or 200/year (yearly) - Unsigned test builds via CLI are free with a subscription - Sealed (code-signed) builds consume 1 seal each - Overflow uses token balance. Seal tokens never expire. ## Supported Platforms & File Types **macOS:** PKG and DMG installers. Apple Developer ID signing, notarization, stapling. Signable: .app, .vst3, .component, .aaxplugin, .framework, .bundle, .pkg, .dmg **Windows:** EXE installers (Inno Setup). Microsoft Authenticode via Azure Trusted Signing. Signable: .exe, .dll Any file type can be included in an installer. Signing applies to the types above. ## Build Timelines Typical unsigned builds: 1-2 minutes. Typical signed builds: 3-5 minutes (includes notarization). --- ## REST API Reference The REST API is for integrating Seal Your App into your own platform, toolchain, or internal tooling. If you are an AI agent helping a user build an installer, use the CLI instead (see above). Base URL: https://api-qqzjwnddaa-uc.a.run.app Authentication: Bearer token in Authorization header (API key: sya_live_...) ### Endpoints **Build & Sign** POST /v1/builds — Create a build or sign job (multipart form-data) Fields: unsealed=@unsealed-{platform}.zip, platform=macos|windows The zip contains config/job.json (jobType: "build"|"sign") + contents/ Returns: {"buildId":"...","status":"preparing","statusUrl":"..."} GET /v1/builds — List builds (query: ?limit=20&status=complete) GET /v1/builds/{buildId} — Build status and progress GET /v1/builds/{buildId}/download — Signed download URL **Account** GET /v1/account — Account info, tokens, activeSubscription, quota, subscribeUrl GET /v1/account/usage — Token transaction history GET /v1/account/profiles — List publisher profiles PUT /v1/account/profiles/{id} — Create/update publisher profile DELETE /v1/account/profiles/{id} — Delete publisher profile **API Keys** POST /v1/auth/api-keys — Create API key GET /v1/auth/api-keys — List API keys DELETE /v1/auth/api-keys/{keyId} — Revoke API key ### Build Status Progression queued → preparing → building → signing → sealing → uploading → complete Each step shows 0-100% progress. Poll every 5-10 seconds. Terminal states: "complete" (download ready) or "failed" (check progress.error). ### Error Codes | Status | Code | Meaning | |--------|------|---------| | 400 | bad_request | Invalid input | | 401 | unauthorized | Invalid or missing API key | | 403 | subscription_required | Active subscription needed | | 403 | quota_exhausted | No seals or tokens remaining | | 404 | not_found | Resource doesn't exist | | 413 | file_too_large | Upload exceeds 500MB | | 429 | rate_limited | Too many requests (Retry-After header included) | | 500 | internal_error | Server error | ### Rate Limits - Build creation: 60/hour per user - API key creation: 10/hour per user - Auth failures: 50/hour per IP ## Links - Website: https://sealyour.app - Agent Skill (CLI instructions): https://sealyour.app/SKILL.md - Agent Guide: https://sealyour.app/agents - API Docs: https://sealyour.app/docs/api - CLI Docs: https://sealyour.app/cli - Pricing: https://sealyour.app/pricing