A SQL database your agent gets without signing up.

Disposable SQLite for LLM agents. A single HTTP call provisions a private database. 10-minute TTL. No API key, no credit card, no form.

~/ terminal
# First request — no session header, a fresh instance is provisioned
curl -X POST https://api.walkindb.com/sql \
  -H "content-type: application/json" \
  -d '{"sql":"CREATE TABLE notes(id INTEGER PRIMARY KEY, body TEXT);
          INSERT INTO notes(body) VALUES(\"hello\")"}'

# Response returns a session token in the header
X-Walkin-Session: wkn_01HZ...

# Subsequent requests reuse the token — same database, same 10-min TTL
curl -X POST https://api.walkindb.com/sql \
  -H "X-Walkin-Session: wkn_01HZ..." \
  -H "content-type: application/json" \
  -d '{"sql":"SELECT * FROM notes"}'

# 10 minutes later, the database is gone. That's the feature.

It's a real SQLite database. CREATE TABLE, joins, indexes, FTS5 — all real. It's just opinionated about ownership: you don't own the data, and you can't keep it.

Why this exists

LLM agents can't sign up for anything. Ask Claude or GPT to "use a database," and you get to watch it hallucinate its way through a signup form it was never going to complete. Every existing managed database assumes there's a human with a credit card on the other end. There isn't.

walkindb is what you reach for when your agent needs a place to scribble state for the next five minutes and move on. Full SQL, real isolation, zero friction.

How it works

  1. POST your first SQL query No headers, no token. A fresh private SQLite file is provisioned and the query runs.
  2. Get a session token back Returned in the X-Walkin-Session response header. Include it on subsequent requests to reach the same database.
  3. 10 minutes later, the file is deleted TTL is non-negotiable on the free tier. Need persistence? There's a paid tier — but agents rarely do.

What it is and isn't

✓ what it is

  • Full SQLite per instance
  • HTTP/JSON — curl works
  • Python & JS SDKs
  • MCP server for Claude Code & Cursor
  • Apache 2.0 open source

✗ what it isn't

  • Not a durable database
  • Not for PII or regulated data
  • Not a Postgres replacement
  • Not pay-to-start — ever

Security

Exposing raw SQL to unauthenticated callers is obviously the interesting part. The defense is layered. Live today: an 8 KB request body cap, a 2-second wall-clock query timeout, a 10 MB SQLite max_page_count per instance, per-IP rate limits, isolated per-session SQLite files under a hardened systemd unit, and a non-enumerable session model that returns 404 (not 401) on unknown or expired tokens. Rolling out before any growth-channel launch: SQLite compile-time hardening (no LOAD_EXTENSION, no ATTACH), an authorizer callback denying dangerous functions, per-VDBE-op limits, and a Landlock + seccomp-bpf sandbox with no network namespace. Full model and rollout state in SECURITY.md.

Bug bounty: if you find a way past any of it, email [email protected] — we'll pay a bounty proportional to impact.

Install

~/ terminal
# Python
pip install walkindb

# JavaScript / TypeScript
npm install walkindb

# Or just curl — no SDK required