API authentication
Understand hosted base URLs, SDK API keys, and bearer authentication.
Authenticate every InstantML API call with one of two credentials:
| Credential | Transport | Main use |
|---|---|---|
| Browser session | instantml_session HttpOnly cookie | Dashboard after hosted sign-in |
| SDK API key | Authorization: Bearer instantml_... | SDK, uploader, import, export, usage, and automation calls |
Bootstrap/operator tokens are intentionally outside the public hosted API contract.
Call the API with a key
Send an API key as a bearer token on any direct HTTP call:
curl https://api.instantml.ai/projects \
-H "Authorization: Bearer instantml_..."Create and manage keys in dashboard settings. Each key carries explicit scopes such as sdk:ingest (writes), export:read (reads), artifacts:write, imports:write, runs:control, and usage:read. Endpoint pages state the scope each route needs.
Use the base URL
All examples in this section target the hosted public router:
https://api.instantml.aiThe current public client contract is one stable API base URL. The frontend usually calls the API through same-origin Next rewrites, while SDK/API-key clients call the API base directly.
Configure the SDK
Set an API key in the environment:
export INSTANTML_API_KEY="instantml_..."Or pass it directly:
import instantml as im
run = im.init(
project="demo",
api_key="instantml_...",
base_url="https://api.instantml.ai",
)Handle common errors
All JSON API errors use HTTP status codes and a body with at least an error string. Some errors also include a stable code.
Hosted tenant warehouse wake/start failures return 503 with code: "warehouse_unavailable". Treat this as a retryable "warehouse is starting" state, not as an authentication failure.