Skip to main content
The Newton Dashboard API at dashboard.api.newt.foundation provides self-service API key management. You can authenticate with Sign-In with Ethereum (SIWE) or email OTP, then create API keys that are immediately usable with the Newton Gateway.
The Dashboard web platform is coming soon. For early access, reach out to product@magicnewton.com.

Authentication

The Dashboard API uses a factor-based authentication flow: you first request a challenge, then verify it to receive session tokens.
Sign-In with Ethereum (SIWE) links your wallet address to your Dashboard account.
1

Request a challenge

curl -X POST https://dashboard.api.newt.foundation/v1/auth/user_factor/siwe/challenge \
  -H "Content-Type: application/json" \
  -d '{"address": "0xYourWalletAddress"}'
Returns a verify_flow_id and nonce.
2

Sign the SIWE message

Construct a SIWE message with the returned nonce and sign it with your wallet (e.g., via MetaMask or viem).
3

Verify and get session

curl -X POST https://dashboard.api.newt.foundation/v1/auth/user_factor/verify \
  -H "Content-Type: application/json" \
  -d '{"verify_flow_id": "<verify_flow_id>", "challenge_response": "<signed_siwe_message>"}'
Returns an access_token and refresh_token.

Create an API Key

Once authenticated, create an API key for use with the Newton Gateway.
1

Authenticate

Use SIWE or email OTP as described above to obtain an access token.
2

Create an API key

curl -X POST https://dashboard.api.newt.foundation/v1/api_key \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <access_token>" \
  -d '{"name": "my-app-key", "permissions": ["rpc_read", "rpc_write"]}'
3

Use the API key

Include the key in the Authorization header when calling the Newton Gateway:
curl -X POST https://gateway-avs.sepolia.newt.foundation/rpc \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <your_api_key>" \
  -d '{"jsonrpc":"2.0","method":"newt_createTask","params":{...},"id":1}'

API Key Management

OperationMethodEndpoint
CreatePOST/v1/api_key
ListGET/v1/api_key
GetGET/v1/api_key/:id
UpdatePUT/v1/api_key/:id
RotatePOST/v1/api_key/:id/rotate
DeleteDELETE/v1/api_key/:id
All management endpoints require an authenticated session (access token in Authorization header).

Permissions

PermissionDescription
adminFull access — manage projects, keys, and settings
rpc_writeWrite operations — secrets management via newt_storeEncryptedSecrets
rpc_readRead operations — task submission and simulation
rpcCombined rpc_read + rpc_write
Most integrations need rpc permission (combined read + write). Use rpc_read for frontend-only applications that submit tasks but do not manage secrets.

Policy Client Ownership

The Dashboard API verifies PolicyClient ownership by reading the on-chain getOwner() method. This ensures that only the contract owner can:
  • Upload encrypted secrets via newt_storeEncryptedSecrets
  • Access stored secrets via newt_simulatePolicyDataWithClient
Ownership is transferable on-chain via setOwner() or transferOwnership() on the PolicyClient contract.

Session Management

OperationMethodEndpoint
Refresh tokenPOST/v1/auth/refresh
LogoutPOST/v1/auth/logout
Access tokens expire after a short period. Use the refresh token to obtain a new access token without re-authenticating.

Alternative: Email Request

If you prefer not to use the Dashboard API, you can request an API key by emailing product@magicnewton.com.

Next Steps

Quickstart

Use your API key to simulate a policy evaluation

RPC API

Full Gateway API reference