Authentication
FactorySandbox uses client tokens to authenticate Docker CLI traffic to the remote Docker endpoint.
Client Tokens
Create a token in the dashboard, then configure Docker to send it as a bearer token. The FactorySandbox runtime authenticates requests from this header:
```http
Authorization: Bearer <your-api-token>
```
Create a Token
- Open Client Tokens in the dashboard
- Click "Create Token"
- Give your token a descriptive name
- Copy the token immediately
Tokens are shown only once. FactorySandbox stores a hash of the token, not the plaintext value. If you lose it, create a new token and delete or deactivate the old one.
Configure Docker
Export the FactorySandbox Docker endpoint and authorization header in the shell where Docker commands will run:
```bash
export DOCKER_HOST=tcp://docker.factorysandbox.ai:2377
export DOCKER_CUSTOM_HEADERS='Authorization=Bearer <your-api-token>'
```
Test the connection:
```bash
docker ps
```
Then run sandboxes with normal Docker commands:
```bash
docker run --rm alpine echo hello
```
Token Management
- Use separate tokens - Create different tokens for local development, CI, and production automation
- Store tokens securely - Keep them in your shell profile, CI secret store, or password manager
- Rotate tokens - Create a replacement token before deactivating an old one
- Remove unused tokens - Delete tokens for machines or workflows that no longer need access
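
One way to follow the "Configure Docker" and "Store tokens securely" guidance without pasting the token into a command line or shell history, as an added example (not FactorySandbox's own code). The function name `fsb_load_token`, the token file path and the accepted token character set are assumptions.

```bash
# Added example: load a client token from a private file and export the
# Docker settings shown above. fsb_load_token and the default path are
# hypothetical names chosen for this sketch.
fsb_load_token() {
    local token_file="${1:-$HOME/.config/factorysandbox/token}"  # assumed location
    local mode token

    [ -f "$token_file" ] || { echo "no token file: $token_file" >&2; return 1; }

    # Refuse a token file that group or others can read.
    # GNU/busybox stat first, BSD/macOS stat as a fallback.
    mode=$(stat -c '%a' "$token_file" 2>/dev/null || stat -f '%Lp' "$token_file") || return 1
    case "$mode" in
        600|400) ;;
        *) echo "refusing $token_file: mode $mode, expected 600 or 400" >&2
           return 1 ;;
    esac

    # Take the first line only and drop stray whitespace or CR characters.
    token=$(head -n 1 "$token_file" | tr -d '[:space:]')

    # DOCKER_CUSTOM_HEADERS is a comma-separated list of name=value pairs,
    # so a comma or control character in the value would corrupt or add
    # headers. Assumption: tokens use only the RFC 6750 bearer-token
    # character set.
    case "$token" in
        ''|*[!A-Za-z0-9._~+/=-]*)
            echo "token is empty or contains unexpected characters" >&2
            return 1 ;;
    esac

    export DOCKER_HOST=tcp://docker.factorysandbox.ai:2377
    export DOCKER_CUSTOM_HEADERS="Authorization=Bearer ${token}"
}
```

Source the file that defines the function, then call `fsb_load_token` (optionally with a path) in the shell where Docker commands will run; use one token file per environment so each token can be rotated or removed on its own.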