Starting with SDK version
v2.0.0, secure access is turned on automatically whenever a sandbox is created. Older custom templates might not support this, in which case a rebuild may be required.Migration path
For custom templates created with envd earlier thanv0.2.0, secure access is available only after the template is rebuilt
You can set secure to false to temporarily turn off secure access during sandbox creation, but disabling secure access is not recommended for production use because of security risks.
Use novita-sandbox-cli template list to check the template Envd version. You can also inspect templates in the dashboard.
Supported versions
Sandboxes created from templates with envdv0.2.0 or later support secure access without any additional configuration.
In JavaScript and Python SDK, secure access was available as an optional configuration starting from v1.5.0.
As of SDK v2.0.0, sandboxes are provisioned with secure access turned on by default.
Access sandbox API directly
When you interact with a sandbox without using one of the SDKs, you can send requests directly to the sandbox controller URL. For sandboxes running with secure access, direct API requests are accepted only if they include the access token generated at creation time. When using the SDK, secure access is handled automatically;X-Access-Token is only needed when calling sandbox controller APIs directly without the SDK.
Include this token in the X-Access-Token header for all direct sandbox controller requests.
Upload and download operations by URLs require pre-signed URLs. We recommend using the SDK to generate them.