Questions or issues? Contact us at api-support@manus.ai.
The Manus API supports two authentication methods. Every request must include one of the following headers:
| Header | Value | Best for |
|---|
x-manus-api-key | Your API key | Your own integrations and scripts |
Authorization | Bearer {access_token} | Third-party OAuth2 apps acting on behalf of a user |
Some endpoints are API Key only — they do not accept OAuth tokens. Each endpoint page notes the supported authentication methods and required OAuth scopes.
API Key
Create an API key
Generate a key
Click Create API Key and give it a descriptive name (e.g. “production”, “dev-testing”). Each account can have up to 50 API keys.
Copy and store securely
Copy the key immediately — it will only be shown once. Store it in a secure location such as an environment variable or secrets manager.
Keep your API keys secure and never share them publicly. Each key provides full access to your Manus account. If a key is compromised, revoke it immediately from the settings page.
Rate limits apply per user (shared across all of your API keys). See Rate Limits for the per-endpoint numbers.
Use the API key
Include the key in the x-manus-api-key header with every request:
curl -X POST https://api.manus.ai/v2/task.create \
-H "Content-Type: application/json" \
-H "x-manus-api-key: $MANUS_API_KEY" \
-d '{
"message": {
"content": "hello"
}
}'
import os
import requests
response = requests.post(
"https://api.manus.ai/v2/task.create",
headers={
"Content-Type": "application/json",
"x-manus-api-key": os.environ["MANUS_API_KEY"],
},
json={
"message": {
"content": "hello"
}
},
)
print(response.json())
const response = await fetch("https://api.manus.ai/v2/task.create", {
method: "POST",
headers: {
"Content-Type": "application/json",
"x-manus-api-key": process.env.MANUS_API_KEY!,
},
body: JSON.stringify({
message: {
content: "hello",
},
}),
});
const data = await response.json();
console.log(data);
OAuth2 Bearer Token
For third-party apps that act on behalf of team users, use OAuth2 access tokens. Include the token in the Authorization header:
curl https://api.manus.ai/v2/task.list \
-H "Authorization: Bearer {access_token}"
OAuth tokens are scoped — each endpoint requires a specific scope (e.g. create_task, manage_all_tasks). See the Open App guide for the complete setup flow, available scopes, and token lifecycle.
Team only: Open App creation and authorization require a Team account. Only users in the same team as the app creator can authorize the app.
Authentication errors
If the key or token is missing or invalid, the API returns:
{
"ok": false,
"request_id": "req_abc123",
"error": {
"code": "permission_denied",
"message": "Invalid or missing API key"
}
}