Authentication

API keys

API keys provide programmatic access to the Magnet API. They’re scoped to a workspace and grant access to all resources within it.

Creating an API key

Go to Settings > API Keys in the Magnet dashboard
Click Create API Key
Copy and securely store the key — it won’t be shown again

Using an API key

Include your API key in requests using one of these methods:

curl -H "x-api-key: YOUR_API_KEY" \
  https://magnet.run/api/sessions

When using an API key, the workspace is automatically resolved from the key — you don’t need to pass organizationId separately.

Browser authentication

When you use the Magnet dashboard, authentication is handled automatically when you sign in. No additional setup is needed.

Some actions — like creating a session — can only be performed from the dashboard (not via API key), since they need to be attributed to a specific user.

Authorization

Magnet checks that you have access to the requested workspace:

API key — the key must belong to the target workspace
Dashboard — you must be a member of the workspace

Requests to resources outside your workspace return 403 Forbidden.

Error responses

Status	Meaning
`401 Unauthorized`	Missing or invalid credentials
`403 Forbidden`	Valid credentials but no access to the requested workspace

Quickstart Environments

​API keys

​Creating an API key

​Using an API key

​Browser authentication

​Authorization

​Error responses

API keys

Creating an API key

Using an API key

Browser authentication

Authorization

Error responses