Sandbox Authentication
Last updated January 31, 2026
The Sandbox SDK supports two authentication methods: Vercel OIDC tokens (recommended) and access tokens.
The SDK uses Vercel OpenID Connect (OIDC) tokens when available.
Local development: Download a development token by connecting to a Vercel project:
vercel link
vercel env pullThis creates a .env.local file with a VERCEL_OIDC_TOKEN. The token expires after 12 hours, so run vercel env pull again if you see authentication errors.
Production: Vercel manages token expiration automatically when your code runs on Vercel.
Use access tokens when VERCEL_OIDC_TOKEN is unavailable, such as in external CI/CD systems or non-Vercel environments.
You need:
- Your Vercel team ID
- Your Vercel project ID
- A Vercel access token with access to the team
Set these as environment variables:
VERCEL_TEAM_ID=team_xxx
VERCEL_PROJECT_ID=prj_xxx
VERCEL_TOKEN=your_access_tokenThen pass them to Sandbox.create():
| Scenario | Recommended method |
|---|---|
| Local development | OIDC token via vercel env pull |
| Deployed on Vercel | OIDC token (automatic) |
| External CI/CD | Access token |
| Non-Vercel hosting | Access token |
Was this helpful?