> ## Documentation Index > Fetch the complete documentation index at: https://e2b.mintlify.site/llms.txt > Use this file to discover all available pages before exploring further. # Create sandbox > Create a sandbox from the template ## OpenAPI ````yaml /openapi-public.yml post /sandboxes openapi: 3.1.0 info: title: E2B API version: 0.1.0 description: >- Complete E2B developer API. Platform endpoints are served on api.e2b.app. Sandbox endpoints (envd) are served on the shared sandbox host (sandbox.e2b.app); target a specific sandbox with the E2b-Sandbox-Id and E2b-Sandbox-Port headers. servers: - url: https://api.e2b.app description: E2B Platform API security: [] tags: - name: Sandboxes - name: Templates - name: Tags - name: Volumes - name: Envd - name: Filesystem - name: Process - name: Teams paths: /sandboxes: servers: - url: https://api.e2b.app description: E2B Platform API post: tags: - Sandboxes summary: Create sandbox description: Create a sandbox from the template operationId: postSandboxes requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/NewSandbox' responses: '201': description: The sandbox was created successfully content: application/json: schema: $ref: '#/components/schemas/Sandbox' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '500': $ref: '#/components/responses/500' security: - ApiKeyAuth: [] components: schemas: NewSandbox: required: - templateID properties: templateID: type: string description: Identifier of the required template timeout: type: integer format: int32 minimum: 0 default: 15 description: Time to live for the sandbox in seconds. autoPause: type: boolean default: false description: Automatically pauses the sandbox after the timeout autoPauseMemory: type: boolean default: true description: >- Controls the snapshot kind taken when the sandbox auto-pauses on timeout (only relevant when autoPause is true). When false, the auto-pause drops the in-memory state and persists only the filesystem (a filesystem-only snapshot); resuming it cold-boots (reboots) the sandbox from disk. Such a snapshot cannot be auto-resumed by traffic and must be resumed explicitly, so it cannot be combined with autoResume. Defaults to true (full memory snapshot). autoResume: $ref: '#/components/schemas/SandboxAutoResumeConfig' secure: type: boolean description: Secure all system communication with sandbox allow_internet_access: type: boolean description: >- Allow sandbox to access the internet. When set to false, it behaves the same as specifying denyOut to 0.0.0.0/0 in the network config. network: $ref: '#/components/schemas/SandboxNetworkConfig' metadata: $ref: '#/components/schemas/SandboxMetadata' envVars: $ref: '#/components/schemas/EnvVars' mcp: $ref: '#/components/schemas/Mcp' volumeMounts: type: array items: $ref: '#/components/schemas/SandboxVolumeMount' type: object Sandbox: required: - templateID - sandboxID - clientID - envdVersion properties: templateID: type: string description: Identifier of the template from which is the sandbox created sandboxID: type: string description: Identifier of the sandbox alias: type: string description: Alias of the template clientID: type: string deprecated: true description: Identifier of the client envdVersion: $ref: '#/components/schemas/EnvdVersion' envdAccessToken: type: - string - 'null' description: >- Access token for authenticating envd requests to this sandbox. Only returned when the sandbox is created with `secure: true`. Null for non-secure sandboxes (envd endpoints work without auth). trafficAccessToken: type: - string - 'null' description: Token required for accessing sandbox via proxy. domain: type: - string - 'null' description: >- Deprecated: always null. Construct sandbox URLs as `https://{port}-{sandboxID}.e2b.app`. deprecated: true type: object SandboxAutoResumeConfig: type: object description: Auto-resume configuration for paused sandboxes. required: - enabled properties: enabled: $ref: '#/components/schemas/SandboxAutoResumeEnabled' SandboxNetworkConfig: type: object properties: allowPublicTraffic: type: boolean default: true description: >- Specify if the sandbox URLs should be accessible only with authentication. allowOut: type: array description: >- List of allowed destinations for egress traffic. Each entry can be a CIDR block (e.g. "8.8.8.8/32"), a bare IP address (e.g. "8.8.8.8"), or a domain name (e.g. "example.com", "*.example.com"). Allowed entries always take precedence over denied entries. items: type: string denyOut: type: array description: >- List of denied CIDR blocks or IP addresses for egress traffic. Domain names are not supported for deny rules. items: type: string egressProxy: $ref: '#/components/schemas/SandboxEgressProxyConfig' maskRequestHost: type: string description: Specify host mask which will be used for all sandbox requests rules: type: object description: > Per-domain transform rules applied to matching egress HTTP/HTTPS requests. Keys are domains (e.g. "api.example.com", "example.com"). A domain listed here is not automatically allowed - use allowOut to permit the traffic. additionalProperties: type: array items: $ref: '#/components/schemas/SandboxNetworkRule' SandboxMetadata: additionalProperties: type: string description: Metadata of the sandbox type: object EnvVars: additionalProperties: type: string description: Environment variables for the sandbox type: object Mcp: type: object description: MCP configuration for the sandbox additionalProperties: {} nullable: true SandboxVolumeMount: type: object properties: name: type: string description: Name of the volume path: type: string description: Path of the volume required: - name - path EnvdVersion: type: string description: Version of the envd running in the sandbox Error: required: - code - message properties: code: type: integer format: int32 description: Error code message: type: string description: Error type: object SandboxAutoResumeEnabled: type: boolean description: Auto-resume enabled flag for paused sandboxes. Default false. default: false SandboxEgressProxyConfig: type: object nullable: true description: >- SOCKS5 proxy for sandbox egress. Outbound TCP is tunneled through the proxy after allow/deny filtering; the sandbox is unaware. Domain-matched flows use remote DNS (ATYP=domain). required: - address properties: address: type: string description: >- SOCKS5 proxy address in host:port format (e.g. "proxy.example.com:1080"). username: type: string maxLength: 255 description: Optional SOCKS5 username (RFC 1929), max 255 bytes. password: type: string maxLength: 255 description: Optional SOCKS5 password (RFC 1929), max 255 bytes. SandboxNetworkRule: type: object description: Transform rule applied to egress requests matching a domain pattern. properties: transform: $ref: '#/components/schemas/SandboxNetworkTransform' SandboxNetworkTransform: type: object description: Transformations applied to matching egress requests before forwarding. properties: headers: type: object description: > HTTP headers to inject or override in matching requests. An existing header with the same name is replaced. Values are plain strings; secret resolution happens client-side before sending to the API. additionalProperties: type: string responses: '400': description: Bad request content: application/json: schema: $ref: '#/components/schemas/Error' '401': description: Authentication error content: application/json: schema: $ref: '#/components/schemas/Error' '500': description: Server error content: application/json: schema: $ref: '#/components/schemas/Error' securitySchemes: ApiKeyAuth: type: apiKey in: header name: X-API-Key ````