Ports

Your sandbox, just like any virtual machine, can expose ports. These ports let you connect to a process or app running in the sandbox.

Reserved ports

The following ports are reserved by Blaxel’s system:

443: This port hosts the main sandbox API and is exposed via HTTPS
80: Reserved for system operations
8080: Reserved for sandbox API functionality

You can expose and use any other port on your sandbox.

Expose a port

To whitelist sandbox traffic in your network, you can retrieve the public IP addresses used by Blaxel.

You can expose specific non-reserved ports when creating a new sandbox by using the ports parameter. This allows you to access these ports from outside the sandbox via the sandbox API.

You only need to expose ports at sandbox creation time if you plan to access the port via the sandbox API. For access via preview URL, ports are dynamically opened as needed.

import { SandboxInstance } from "@blaxel/core";

// Create a new sandbox
const sandbox = await SandboxInstance.create({
  name: "my-sandbox",
  image: "blaxel/base-image:latest",
  memory: 4096,
  region: "us-pdx-1",
  ports: [{ target: 3000 }]
});

Access the sandbox on a specific port

Via the sandbox API

This option requires your request to be authenticated. You can access your sandbox on a specific port through the sandbox API using the following URL format:

https://sbx-{resource_name}-{workspace_id}.{region_id}.bl.run/port/{port_number}

For example to connect to port 3000 on my-sandbox in workspace abc123: https://sbx-my-sandbox-abc123.us-pdx-1.bl.run/port/3000 Request paths, if any, can be specified after the port number. For example: https://sbx-my-sandbox-abc123.us-pdx-1.bl.run/port/3000/my/api/endpoint

Via a preview URL

Preview URLs provide a simple URL that maps to an internal port of your sandbox. You can either make this URL fully public or secure it with token-based authentication. Generally speaking:

for file and process management in your sandbox, use the sandbox API or SDK.
to access running applications within the sandbox (such as a NextJS preview server on port 3000), use a preview URL instead.

Via SDK

sandbox.fetch() (recommended)
Manual URL (older SDKs)

Available in @blaxel/core >= 0.2.79 (Node.js) and blaxel >= 0.2.49 (Python).

The SDK provides a built-in fetch method that handles authentication and proxies requests through the sandbox’s /port/{port} endpoint.

import { SandboxInstance } from "@blaxel/core";

const sandbox = await SandboxInstance.get("my-sandbox");

// Fetch a resource on port 3000
const response = await sandbox.fetch(3000);
console.log(await response.text());

// Fetch with a specific path
const apiResponse = await sandbox.fetch(3000, "/api/health");
console.log(await apiResponse.json());

For older SDK versions, you can construct the port URL manually. This requires your request to be authenticated.

import { SandboxInstance } from "@blaxel/core";

// Connect to existing sandbox
const sandbox = await SandboxInstance.get("my-sandbox")

// Get URL for port access
const url = `${sandbox.metadata.url}/port/3000`

// Use the URL with authenticated requests
const response = await fetch(url, {
  headers: { 'Authorization': 'Bearer YOUR_TOKEN' }
})

Create preview URLs

Expose applications running within the sandbox via a direct preview URL.

Get Started

Sandboxes

Agent Drive

Volumes

Batch Jobs

Agents Hosting

MCP Servers Hosting

Model Gateway

Observability

Integrations

Administration & security

Troubleshooting

Reserved ports

Expose a port

Access the sandbox on a specific port

Via the sandbox API

Via a preview URL

Via SDK

Create preview URLs

Get Started

Sandboxes

Agent Drive

Volumes

Batch Jobs

Agents Hosting

MCP Servers Hosting

Model Gateway

Observability

Integrations

Administration & security

Troubleshooting

​Reserved ports

​Expose a port

​Access the sandbox on a specific port

​Via the sandbox API

​Via a preview URL

​Via SDK

Create preview URLs

Reserved ports

Expose a port

Access the sandbox on a specific port

Via the sandbox API

Via a preview URL

Via SDK