> ## Documentation Index
> Fetch the complete documentation index at: https://docs.codezero.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Quickstart

> Get cordon running and proxying your first API request in 5 minutes.

This guide walks you through setting up cordon to inject a credential into an HTTPS request — using [httpbin.org/headers](https://httpbin.org/headers) so you can see the injected header in the response. It's also a good way to confirm everything is working as expected before configuring your real API routes.

Cordon is project-first — running `cordon setup` in a project directory creates a `cordon.toml` there with the project's routes and credentials isolated from other projects. A user-wide scope is also available for tools that span projects. See [Scopes](/configuration/overview#scopes) for details.

## 1. Run setup

```bash theme={null}
cordon setup
```

The wizard generates CA certificates, creates a config file, and walks you through adding your first route. Say yes when asked to trust the CA certificate. Then say yes when prompted to add a route, enter `httpbin.org` as the host, `httpbin` as the route name, `header` as the auth type, `Authorization` as the header name, accept the default `Bearer` scheme, choose `keyring` as the secret source, and enter `httpbin` as the keyring account. Say no when asked to install cordon as a background service for this quickstart.

After setup, store a test token in the keyring:

```bash theme={null}
cordon secret set httpbin
# When prompted, enter any value — e.g. "my-secret-token"
```

<Tip>
  On macOS, `cordon secret set` stores credentials via the system keyring using an entry that cordon owns. This avoids the repeated "allow access to keychain" permission dialogs you'd see if cordon tried to read credentials stored by another application.
</Tip>

## 2. Start the proxy

```bash theme={null}
cordon start
```

You'll see output like:

```
INFO cordon: listening on 127.0.0.1:6790
INFO cordon: route "httpbin" → httpbin.org (header)
INFO cordon: health endpoint ready
```

## 3. Route traffic through the proxy

In a separate terminal:

```bash theme={null}
eval "$(cordon env)"

curl https://httpbin.org/headers
```

httpbin echoes back all request headers. You should see your injected credential in the response:

```json theme={null}
{
  "headers": {
    "Accept": "*/*",
    "Authorization": "Bearer my-secret-token",
    "Host": "httpbin.org",
    "User-Agent": "curl/8.7.1"
  }
}
```

Notice the `Authorization` header — you never sent it. Cordon intercepted the request, matched the `httpbin.org` route, and injected the credential from your keyring.

You can add more routes with `cordon route add`, or edit existing ones with `cordon route edit <name>`. Prefer those commands over hand-editing `cordon.toml`; they validate the route and write the safer configuration for you.

## Next steps

<CardGroup cols={2}>
  <Card title="Claude Code Setup" icon="robot" href="/guides/claude-code">
    One-command setup for AI agent workflows
  </Card>

  <Card title="1Password Guide" icon="lock" href="/guides/onepassword">
    Detailed 1Password setup and security model
  </Card>

  <Card title="Secret Sources" icon="key" href="/configuration/secret-sources">
    Configure 1Password and OS keyring
  </Card>

  <Card title="CLI Reference" icon="terminal" href="/cli/start">
    All CLI commands and options
  </Card>
</CardGroup>