API Authentication
MagicBell uses two types of JWT tokens to authenticate requests:
| Token Type | Scope | Generated By | Usage Context |
|---|---|---|---|
| Project JWT | Project-wide | MagicBell UI | Project endpoints, server auth |
| User JWT | Per user | Your backend | User endpoints, (in-app inbox) |
The endpoints in the API reference (and the OpenAPI spec) show the token type necessary for the endpoint.
Using the Token
Once you have your JWT (either Project or User), include it in the Authorization header of your HTTP requests:
Authorization: Bearer <jwt>
Example
POST /broadcasts HTTP/1.1
Host: api.magicbell.com
Authorization: Bearer eyJhbGciOi...
All MagicBell SDKs and libraries handle this for you if you pass the token.
Debugging Tokens
You can use jwt.io to inspect and debug your JWTs. It shows the token's header, payload, and signature, and verifies whether it's correctly signed (if you provide the secret key).
Never paste production secrets into online tools. Only use jwt.io with non-sensitive test data.