Authentication
MagicBell uses two types of JWT tokens to authenticate requests:
| Token Type | Scope | Generated By | Usage Context |
|---|---|---|---|
| Project JWT | Project-wide | MagicBell UI | Project endpoints, server auth |
| User JWT | Per user | Your backend | User endpoints, (in-app inbox) |
The endpoints in the API reference (and the OpenAPI spec) show the token type necessary for the endpoint.
Using the Token
Once you have your JWT (either Project or User), include it in the Authorization header of your HTTP requests:
Authorization: Bearer <jwt>
Example
POST /broadcasts HTTP/1.1
Host: api.magicbell.com
Authorization: Bearer eyJhbGciOi...
All MagicBell SDKs and libraries handle this for you if you pass the token.
Obtaining Project JWTs
Project tokens are obtained and managed via our dashboard. Read more about that on the Project Auth section in our docs.
Generating User JWTs
User tokens are generated on your backend using the Secret Key and the API Key from your project. Read more about that on the User Auth section in our docs.