Authentication

^{Questions or issues? Contact us at api-support@manus.ai.} The Manus API supports two authentication methods. Every request must include one of the following headers:

Header	Value	Best for
`x-manus-api-key`	Your API key	Your own integrations and scripts
`Authorization`	`Bearer {access_token}`	Third-party OAuth2 apps acting on behalf of a user

Some endpoints are API Key only — they do not accept OAuth tokens. Each endpoint page notes the supported authentication methods and required OAuth scopes.

API Key

Create an API key

Open API settings

Go to Manus API Integration settings in the Manus webapp.

Generate a key

Click Create API Key and give it a descriptive name (e.g. “production”, “dev-testing”). Each account can have up to 50 API keys.

Copy and store securely

Copy the key immediately — it will only be shown once. Store it in a secure location such as an environment variable or secrets manager.

Keep your API keys secure and never share them publicly. Each key provides full access to your Manus account. If a key is compromised, revoke it immediately from the settings page.

Rate limits apply per user (shared across all of your API keys). See Rate Limits for the per-endpoint numbers.

Use the API key

Include the key in the x-manus-api-key header with every request:

cURL
Python
TypeScript

curl -X POST https://api.manus.ai/v2/task.create \
  -H "Content-Type: application/json" \
  -H "x-manus-api-key: $MANUS_API_KEY" \
  -d '{
    "message": {
      "content": "hello"
    }
  }'

import os
import requests

response = requests.post(
    "https://api.manus.ai/v2/task.create",
    headers={
        "Content-Type": "application/json",
        "x-manus-api-key": os.environ["MANUS_API_KEY"],
    },
    json={
        "message": {
            "content": "hello"
        }
    },
)
print(response.json())

const response = await fetch("https://api.manus.ai/v2/task.create", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    "x-manus-api-key": process.env.MANUS_API_KEY!,
  },
  body: JSON.stringify({
    message: {
      content: "hello",
    },
  }),
});

const data = await response.json();
console.log(data);

OAuth2 Bearer Token

For third-party apps that act on behalf of team users, use OAuth2 access tokens. Include the token in the Authorization header:

curl https://api.manus.ai/v2/task.list \
  -H "Authorization: Bearer {access_token}"

OAuth tokens are scoped — each endpoint requires a specific scope (e.g. create_task, manage_all_tasks). See the OAuth2 guide for the complete setup flow, available scopes, and token lifecycle.

Team only: OAuth app creation and authorization require a Team account. Only users in the same team as the app creator can authorize the app.

Authentication errors

If the key or token is missing or invalid, the API returns:

{
  "ok": false,
  "request_id": "req_abc123",
  "error": {
    "code": "permission_denied",
    "message": "Invalid or missing API key"
  }
}

Getting Started

API Reference

API Key

Create an API key

Use the API key

OAuth2 Bearer Token

Authentication errors

Getting Started

API Reference

Documentation Index

​API Key

​Create an API key

​Use the API key

​OAuth2 Bearer Token

​Authentication errors

API Key

Create an API key

Use the API key

OAuth2 Bearer Token

Authentication errors