# Authentication

> Authenticate with the Manus API using API keys or OAuth2 tokens

<sup>Questions or issues? Contact us at [api-support@manus.ai](mailto:api-support@manus.ai).</sup>

The Manus API supports two authentication methods. Every request must include one of the following headers:

| Header            | Value                   | Best for                                           |
| ----------------- | ----------------------- | -------------------------------------------------- |
| `x-manus-api-key` | Your API key            | Your own integrations and scripts                  |
| `Authorization`   | `Bearer {access_token}` | Third-party OAuth2 apps acting on behalf of a user |

<Info>
  Some endpoints are **API Key only** — they do not accept OAuth tokens. Each endpoint page notes the supported authentication methods and required OAuth scopes.
</Info>

## API Key

### Create an API key

<Steps>
  <Step title="Open API settings">
    Go to [Manus API Integration settings](https://manus.im/app?show_settings=integrations&app_name=api) in the Manus webapp.
  </Step>

  <Step title="Generate a key">
    Click **Create API Key** and give it a descriptive name (e.g. "production", "dev-testing"). Each account can have up to **50** API keys.
  </Step>

  <Step title="Copy and store securely">
    Copy the key immediately — it will only be shown once. Store it in a secure location such as an environment variable or secrets manager.
  </Step>
</Steps>

<Warning>
  Keep your API keys secure and never share them publicly. Each key provides full access to your Manus account. If a key is compromised, revoke it immediately from the settings page.
</Warning>

<Tip>
  Rate limits apply **per user** (shared across all of your API keys). See [Rate Limits](https://open.manus.ai/docs/v2/rate-limits) for the per-endpoint numbers.
</Tip>

### Use the API key

Include the key in the `x-manus-api-key` header with every request:

<Tabs>
  <Tab title="cURL">
    ```bash theme={null}
    curl -X POST https://api.manus.ai/v2/task.create \
      -H "Content-Type: application/json" \
      -H "x-manus-api-key: $MANUS_API_KEY" \
      -d '{
        "message": {
          "content": "hello"
        }
      }'
    ```
  </Tab>

  <Tab title="Python">
    ```python theme={null}
    import os
    import requests

    response = requests.post(
        "https://api.manus.ai/v2/task.create",
        headers={
            "Content-Type": "application/json",
            "x-manus-api-key": os.environ["MANUS_API_KEY"],
        },
        json={
            "message": {
                "content": "hello"
            }
        },
        timeout=30,  # example value; without a timeout, requests can block indefinitely
    )
    print(response.json())
    ```
  </Tab>

  <Tab title="TypeScript">
    ```typescript theme={null}
    const response = await fetch("https://api.manus.ai/v2/task.create", {
      method: "POST",
      headers: {
        "Content-Type": "application/json",
        "x-manus-api-key": process.env.MANUS_API_KEY!,
      },
      body: JSON.stringify({
        message: {
          content: "hello",
        },
      }),
    });

    const data = await response.json();
    console.log(data);
    ```
  </Tab>
</Tabs>

## OAuth2 Bearer Token

For third-party apps that act on behalf of team users, use OAuth2 access tokens. Include the token in the `Authorization` header:

```bash theme={null}
curl https://api.manus.ai/v2/task.list \
  -H "Authorization: Bearer {access_token}"
```

OAuth tokens are scoped — each endpoint requires a specific scope (e.g. `create_task`, `manage_all_tasks`). See the [Open App](https://open.manus.ai/docs/v2/open-app) guide for the complete setup flow, available scopes, and token lifecycle.

<Info>
  **Team only:** Open App creation and authorization require a Team account. Only users in the same team as the app creator can authorize the app.
</Info>

## Authentication errors

If the key or token is missing or invalid, the API returns:

```json theme={null}
{
  "ok": false,
  "request_id": "req_abc123",
  "error": {
    "code": "permission_denied",
    "message": "Invalid or missing API key"
  }
}
```
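
The helper below is an added example, not code from Manus or its SDKs. It builds the two headers from the table at the top of this page, masks them for logging, and recognises the error envelope shown above. The function names are hypothetical, the rule of sending exactly one credential per request is this example's own policy, and the credential strings used to exercise it are constructed.

```python
import json
import os

API_KEY_HEADER = "x-manus-api-key"  # header name from the table on this page
SENSITIVE = {API_KEY_HEADER, "authorization"}


def key_from_env(var="MANUS_API_KEY"):
    """Read the key from the environment, failing closed when it is unset."""
    value = os.environ.get(var, "")
    if not value:
        raise RuntimeError(f"{var} is not set")
    return value


def build_auth_headers(api_key=None, access_token=None):
    """Return request headers carrying exactly one credential (example policy)."""
    if bool(api_key) == bool(access_token):
        raise ValueError("supply exactly one of api_key or access_token")
    secret = api_key or access_token
    # A stray newline or space copied from a secrets file would corrupt or
    # split the header, so reject it here instead of sending it.
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in secret):
        raise ValueError("credential contains whitespace or control characters")
    headers = {"Content-Type": "application/json"}
    if api_key:
        headers[API_KEY_HEADER] = secret
    else:
        headers["Authorization"] = f"Bearer {secret}"
    return headers


def redact(headers):
    """Copy of the headers that is safe to log: credential values are masked."""
    return {k: ("<redacted>" if k.lower() in SENSITIVE else v)
            for k, v in headers.items()}


def is_auth_failure(body):
    """True if body matches the error envelope under 'Authentication errors'."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return False
    if not isinstance(doc, dict) or doc.get("ok") is not False:
        return False
    error = doc.get("error")
    return isinstance(error, dict) and error.get("code") == "permission_denied"
```

Log `redact(headers)` rather than the headers themselves, and treat a response for which `is_auth_failure` returns true as a signal to check or rotate the credential rather than to retry.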
