A SQL database your agent gets without signing up.

Disposable SQLite for LLM agents. A single HTTP call provisions a private database. 10-minute TTL. No API key, no credit card, no form.

~/ terminal
# First request — no session header, a fresh instance is provisioned
curl -X POST https://api.walkindb.com/sql \
  -H "content-type: application/json" \
  -d '{"sql":"CREATE TABLE notes(id INTEGER PRIMARY KEY, body TEXT);
          INSERT INTO notes(body) VALUES(\"hello\")"}'

# Response returns a session token in the header
X-Walkin-Session: wkn_01HZ...

# Subsequent requests reuse the token — same database, same 10-min TTL
curl -X POST https://api.walkindb.com/sql \
  -H "X-Walkin-Session: wkn_01HZ..." \
  -H "content-type: application/json" \
  -d '{"sql":"SELECT * FROM notes"}'

# 10 minutes later, the database is gone. That's the feature.

It's a real SQLite database. CREATE TABLE, joins, indexes, FTS5 — all real. It's just opinionated about ownership: you don't own the data, and you can't keep it.

Why this exists

LLM agents can't sign up for anything. Ask Claude or GPT to "use a database," and you get to watch it hallucinate its way through a signup form it was never going to complete. Every existing managed database assumes there's a human with a credit card on the other end. There isn't.

walkindb is what you reach for when your agent needs a place to scribble state for the next five minutes and move on. Full SQL, real isolation, zero friction.

How it works

  1. POST your first SQL query No headers, no token. A fresh private SQLite file is provisioned and the query runs.
  2. Get a session token back Returned in the X-Walkin-Session response header. Include it on subsequent requests to reach the same database.
  3. 10 minutes later, the file is deleted TTL is non-negotiable on the free tier. Need persistence? There's a paid tier — but agents rarely do.

What it is and isn't

✓ what it is

  • Full SQLite per instance
  • HTTP/JSON — curl works
  • Python & JS SDKs
  • MCP server for Claude Code & Cursor
  • Apache 2.0 open source

✗ what it isn't

  • Not a durable database
  • Not for PII or regulated data
  • Not a Postgres replacement
  • Not pay-to-start — ever

Security

Exposing raw SQL to unauthenticated callers is obviously the interesting part. The defense is layered: SQLite built without LOAD_EXTENSION or ATTACH, an authorizer callback denying dangerous functions, hard VDBE op and query-length limits, a 2-second query timeout, a 10 MB page-count cap, and the executor runs in a Landlock + seccomp-bpf sandbox with no network namespace. Even if SQLite had a CVE, the sandbox contains it.

Bug bounty: if you find a way past all of it, email security@walkindb.com — we'll pay a bounty proportional to impact. Full model in SECURITY.md.

Install

~/ terminal
# Python
pip install walkindb

# JavaScript / TypeScript
npm install walkindb

# Or just curl — no SDK required