Preview
Every sandbox+port can get a public URL that routes to the sandbox's API endpoint.
Expose a Port
Section titled “Expose a Port”Services running inside the sandbox are not reachable publicly by default. Call exposePort to add a port to the allowlist and create a public route for it.
const exposure = await sandbox.exposePort(3000)console.log(exposure.url) // https://<sandbox-id>-3000.sandbox.example.comexposure = sandbox.expose_port(3000)print(exposure.url)exposure, err := sandbox.ExposePort(ctx, 3000)if err != nil { log.Fatal(err) }fmt.Println(exposure.PublicURL)let exposure = sandbox.expose_port(3000, ExposeOptions::default())?;if let ExposeResult::Http { url } = exposure { println!("{}", url);}ExposeResult exposure = sandbox.exposePort(3000);System.out.println(exposure.url);Unexpose a Port
Section titled “Unexpose a Port”Remove the public route and the port from the allowlist.
await sandbox.unexposePort(3000)sandbox.unexpose_port(3000)err := sandbox.UnexposePort(ctx, 3000)sandbox.unexpose_port(3000)?;sandbox.unexposePort(3000);See Port Allowlist for full details on how port access control works.
TLS certificates are issued automatically:
- Domain mode (
SB_DOMAINset): Caddy issues a single wildcard certificate covering<domain>and*.<domain>via DNS-01 (Cloudflare). The installer requires--dns-providerwhenever--domainis set - see Server Setup. - IP mode (no
SB_DOMAIN): Routes are HTTP-only, no TLS.