> ## Documentation Index
> Fetch the complete documentation index at: https://opensandbox-oc-s-762ac928075c46d2828bcb22.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Preview URLs

> Expose sandbox ports from the CLI

## Exposing a Port

Create a public HTTPS URL that proxies traffic to a port inside your sandbox:

```bash theme={null}
oc preview create sb-abc123 --port 3000
# → hostname: sb-abc123-p3000.workers.opencomputer.dev
```

## Sharing a Dev Server

Start a server inside the sandbox, expose it, and share the URL:

```bash theme={null}
# Start a dev server in the background
oc exec sb-abc123 -- bash -c 'cd /app && npm run dev &'

# Expose port 3000
oc preview create sb-abc123 --port 3000

# Get the URL
oc preview list sb-abc123
```

## Multiple Ports

Expose multiple services from the same sandbox:

```bash theme={null}
oc preview create sb-abc123 --port 3000  # Frontend
oc preview create sb-abc123 --port 8080  # API server

oc preview list sb-abc123
# PORT  HOSTNAME                                      SSL     CREATED
# 3000  sb-abc123-p3000.workers.opencomputer.dev      active  ...
# 8080  sb-abc123-p8080.workers.opencomputer.dev      active  ...
```

## Custom Domains

Pass `--domain` to use your own domain. DNS must point to OpenComputer's ingress, and the domain must be verified in the dashboard. SSL is provisioned automatically.

```bash theme={null}
oc preview create sb-abc123 --port 3000 --domain preview.myapp.com
```

## Cleanup

```bash theme={null}
oc preview delete sb-abc123 3000
```

Preview URLs persist across hibernation/wake cycles — no need to re-create them.

## Bearer-Token Authentication

By default, anyone who knows the preview hostname can hit your sandbox's port. To require an `Authorization: Bearer <token>` header on every request, opt in at create time:

```bash theme={null}
oc sandbox create --preview-auth
# Created sandbox sb-abc123 (status: running)
# Preview auth token (shown once): qx2sSi5IYXWBvnnRqwK9Ky_cIAI-x0Vx1bPCt0XMxsI
```

Then call your preview URL with the token:

```bash theme={null}
curl -H "Authorization: Bearer qx2sSi5IYX..." https://sb-abc123-p3000.workers.opencomputer.dev/
```

Bring your own token if your gateway already has a shared secret:

```bash theme={null}
oc sandbox create --preview-auth-token "$GATEWAY_TOKEN"
```

Rotate the token (old one stops working immediately):

```bash theme={null}
oc preview rotate-auth sb-abc123
# New preview auth token (shown once): <new token>
```

Token is shown exactly once and only its SHA-256 hash is stored. See [Authentication](/sandboxes/preview-urls#authentication) for the SDK equivalents.

<Tip>
  SDK usage: [Preview URLs](/sandboxes/preview-urls). Full flags: [CLI Reference](/reference/cli#oc-preview).
</Tip>
