API Quickstart

End-to-end workflow: create account, get API key, launch an agent session.

1Create Account

Request an OTP code via email, then verify to get a JWT.

POST /v1/auth/login

curl -X POST https://api.e2a.bot/v1/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email": "you@example.com"}'

POST /v1/auth/verify-otp

curl -X POST https://api.e2a.bot/v1/auth/verify-otp \
  -H "Content-Type: application/json" \
  -d '{"email": "you@example.com", "code": "123456"}'

# Response: { "token": "eyJ...", "user_id": "usr_abc", "email": "you@example.com" }

2Create API Key

Use your JWT to create a long-lived API key for sandbox/session control.

POST /v1/api-keys

curl -X POST https://api.e2a.bot/v1/api-keys \
  -H "Authorization: Bearer eyJ..."

# Response: { "key_id": "key_abc", "key": "e2a_live_...", "prefix": "e2a_live_abc" }
# SAVE THE KEY - it's only shown once!

3Store Your LLM Key (BYO Secrets)

Create a secret bundle containing your LLM API key. Use LLM_API_KEY as the key name (vendor-agnostic).

POST /v1/tenants/me/secrets

curl -X POST https://api.e2a.bot/v1/tenants/me/secrets \
  -H "Authorization: Bearer e2a_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "my-llm-keys",
    "values": { "LLM_API_KEY": "sk-ant-..." }
  }'

See Secrets API for rotation, hot-replace, and more.

4Create Agent Session

Launch an agent session with your secrets bundle. Receive a WebSocket URL for real-time interaction.

POST /v1/sessions

curl -X POST https://api.e2a.bot/v1/sessions \
  -H "Authorization: Bearer e2a_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "agent": { "kind": "deictic" },
    "template": "standard",
    "llm": { "vendor": "anthropic", "model": "claude-sonnet-4-5" },
    "secrets": ["my-llm-keys"],
    "user_id": "usr_abc"
  }'

# Response:
{
  "chat_session_id": "ses_abc123",
  "jwt": "eyJ...",
  "connect_url": "wss://rt.e2a.bot/v1/sessions/ses_abc123/ws",
  "expires_at": "2026-05-01T13:00:00Z"
}

5Connect via WebSocket

Open a WebSocket to the connect_url. Send tasks, receive results in real-time.

WebSocket

// Browser (use ?token= since browsers can't set Authorization header on WS)
const ws = new WebSocket("wss://rt.e2a.bot/v1/sessions/ses_abc123/ws?token=eyJ...");

ws.onopen = () => {
  ws.send(JSON.stringify({ type: "task", prompt: "List files in /workspace" }));
};

ws.onmessage = (event) => {
  const msg = JSON.parse(event.data);
  console.log(msg); // { type: "stdout", data: "..." } or { type: "exit", exit_code: 0 }
};

6Monitor & Clean Up

List running sandboxes and destroy when done.

GET /v1/sandboxes

curl https://api.e2a.bot/v1/sandboxes \
  -H "Authorization: Bearer e2a_live_..."

DELETE /v1/sandboxes/{id}

curl -X DELETE https://api.e2a.bot/v1/sandboxes/sbx_7f3k9m2x \
  -H "Authorization: Bearer e2a_live_..."

Next Steps

Sessions API

Create, resume, and WebSocket protocols

Secrets API

Manage LLM keys with hot-replace

Sandboxes API

Compute primitives: exec, files, logs

Authentication

JWT, API keys, and auth concepts