API Authentication

MagicBell uses two types of JWT tokens to authenticate requests:

Token Type Scope Generated By Usage Context
Project JWT Project-wide MagicBell UI Project endpoints, server auth
User JWT Per user Your backend User endpoints, (in-app inbox)

The endpoints in the API reference (and the OpenAPI spec) show the token type necessary for the endpoint.

Using the Token

Once you have your JWT (either Project or User), include it in the Authorization header of your HTTP requests:

Authorization: Bearer <jwt>

Example

POST /broadcasts HTTP/1.1
Host: api.magicbell.com
Authorization: Bearer eyJhbGciOi...

All MagicBell SDKs and libraries handle this for you if you pass the token.

Debugging Tokens

You can use jwt.io to inspect and debug your JWTs. It shows the token's header, payload, and signature, and verifies whether it's correctly signed (if you provide the secret key).

Never paste production secrets into online tools. Only use jwt.io with non-sensitive test data.