Ragnarr does not create or proxy credentials. For each service, copy the API key (or credentials) from that service's own settings screen, paste it into Ragnarr, then use Test connection before saving. The base URL is always the address you would type in a browser to reach the service, for example https://sonarr.example.com or http://192.168.1.50:8989.
Sonarr, Radarr, Lidarr, Prowlarr
Open the service web UI, go to Settings → General, and copy the value of the API Key field (under the Security section). The key is a 32-character string. If you regenerate it there, every client using the old key - including Ragnarr - stops working until you update it.
If the service is configured with a URL Base (for example /sonarr for path-based reverse proxying), include it in the base URL you give Ragnarr: https://media.example.com/sonarr.
Bazarr
In the Bazarr web UI, go to Settings → General and copy the API Key under the Security section.
qBt
qBt uses the Web UI username and password instead of an API key. In the desktop or web client, check Tools → Options → Web UI: the Web UI must be enabled and reachable from your iPhone or iPad, and the credentials you set there are the ones to enter in Ragnarr. If you enabled "Bypass authentication for clients on localhost", remember it only applies to localhost - remote clients like Ragnarr still authenticate.
SABnzbd
Go to Config → General and copy the API Key (the full API key, not the limited "NZB key", which can only add downloads).
Jellyfin, Emby
In Jellyfin, open the Admin Dashboard → API Keys and create a key for Ragnarr. Emby works the same way from the server management screen. A dedicated key per client makes it easy to revoke one device later without touching the others.
Seerr
Works with Overseerr and Jellyseerr. Copy the API Key from Settings → General in the Seerr web UI.
Tautulli
Go to Settings → Web Interface and copy the API key at the bottom of the page (enable the API if it is switched off).
Portainer
Create an access token from My account → Access tokens. Tokens are shown once at creation - copy it straight into Ragnarr and test the connection before closing the page.
Unraid
Ragnarr talks to Unraid through the official Unraid GraphQL API with an API key. Create a key from your server's API settings and paste it into Ragnarr.
Freebox
No API key needed: Ragnarr pairs with the Freebox directly. Add the service, then approve the authorization request on the Freebox front display when prompted.
Common errors
- 401 Unauthorized - the key is wrong, was regenerated, or belongs to another instance. Re-copy it from the service settings.
- 404 Not Found - the base URL is missing the service's URL Base path, or points at the wrong port.
- Timeout - the URL is not reachable from your device's current network. Test it in Mobile Safari first; if it fails there, it will fail in Ragnarr. See the Tailscale/VPN guide for remote access.
Security notes
- Do not email API keys to support.
- Rotate a key if you believe it was shared accidentally.
- Prefer HTTPS, VPN, or a trusted local network for remote access.
Related guides
- Use Ragnarr with Tailscale or VPN - the simplest way to reach these URLs away from home.
- Use Ragnarr behind a reverse proxy - if your services are exposed through Caddy, Traefik or Nginx.
Back to all guides, or see the support FAQ for connection troubleshooting.