Skip to main content

Getting an API Key

Go to dashboard.newton.xyz, sign in, and click API Keys in the left navigation — your key is already generated and ready to use.
The Newton Dashboard API at dashboard.api.newt.foundation also provides self-service API key management via API. You can authenticate with Sign-In with Ethereum (SIWE) or email OTP, then create API keys that are immediately usable with the Newton Gateway.

Authentication

The Dashboard API uses a factor-based authentication flow: you first request a challenge, then verify it to receive session tokens.
Sign-In with Ethereum (SIWE) links your wallet address to your Dashboard account.
1

Request a challenge

curl -X POST https://dashboard.api.newt.foundation/v1/auth/user_factor/siwe/challenge \
  -H "Content-Type: application/json" \
  -d '{"address": "0xYourWalletAddress"}'
Returns a verify_flow_id and nonce.
2

Sign the SIWE message

Construct a SIWE message with the returned nonce and sign it with your wallet (e.g., via MetaMask or viem).
3

Verify and get session

curl -X POST https://dashboard.api.newt.foundation/v1/auth/user_factor/verify \
  -H "Content-Type: application/json" \
  -d '{"verify_flow_id": "<verify_flow_id>", "challenge_response": "<signed_siwe_message>"}'
Returns an access_token and refresh_token.

Create an API Key

Once authenticated, create an API key for use with the Newton Gateway.
1

Authenticate

Use SIWE or email OTP as described above to obtain an access token.
2

Create an API key

curl -X POST https://dashboard.api.newt.foundation/v1/api_key \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <access_token>" \
  -d '{"name": "my-app-key", "permissions": ["rpc_read", "rpc_write"]}'
3

Use the API key

Include the key in the Authorization header when calling the Newton Gateway:
curl -X POST https://gateway-avs.sepolia.newt.foundation/rpc \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <your_api_key>" \
  -d '{"jsonrpc":"2.0","method":"newt_createTask","params":{...},"id":1}'

API Key Management

OperationMethodEndpoint
CreatePOST/v1/api_key
ListGET/v1/api_key
GetGET/v1/api_key/:id
UpdatePUT/v1/api_key/:id
RotatePOST/v1/api_key/:id/rotate
DeleteDELETE/v1/api_key/:id
All management endpoints require an authenticated session (access token in Authorization header).

Permissions

PermissionDescription
adminFull access — manage projects, keys, and settings
rpc_writeWrite operations — secrets management via newt_storeEncryptedSecrets
rpc_readRead operations — task submission and simulation
rpcCombined rpc_read + rpc_write
Most integrations need rpc permission (combined read + write). Use rpc_read for frontend-only applications that submit tasks but do not manage secrets.

Policy Client Ownership

The Dashboard API verifies PolicyClient ownership by reading the on-chain getOwner() method. This ensures that only the contract owner can:
  • Upload encrypted secrets via newt_storeEncryptedSecrets
  • Access stored secrets via newt_simulatePolicyDataWithClient
Ownership is transferable on-chain via setOwner() or transferOwnership() on the PolicyClient contract.

Session Management

OperationMethodEndpoint
Refresh tokenPOST/v1/auth/refresh
LogoutPOST/v1/auth/logout
Access tokens expire after a short period. Use the refresh token to obtain a new access token without re-authenticating.

Alternative: Email Request

If you prefer not to use the Dashboard API, you can request an API key by emailing product@magicnewton.com.

Next Steps

Quickstart

Use your API key to simulate a policy evaluation

RPC API

Full Gateway API reference