Skip to main content

Authentication

Sendmator uses API keys to authenticate requests. Include your API key in the X-API-Key header of every request.

API Key Format

X-API-Key: your-api-key

Using with cURL

curl -H "X-API-Key: your-api-key" \
https://api.sendmator.com/api/v1/messages/send

Environment Variables

Store your API key securely using environment variables:

export SENDMATOR_API_KEY="your-api-key"

Then use it in your API calls:

curl -H "X-API-Key: $SENDMATOR_API_KEY" \
https://api.sendmator.com/api/v1/messages/send

Testing Your Authentication

Test your API key with a simple request:

curl -X POST https://api.sendmator.com/api/v1/messages/send \
-H "X-API-Key: your-api-key" \
-H "Content-Type: application/json" \
-d '{"recipient_type": "direct_email", "direct_email": "test@example.com", "subject": "Test", "content": "Test email"}'

Success response:

{
"success": true,
"trigger_id": "550e8400-e29b-41d4-a716-446655440000",
"job_id": "660f9511-f39c-52e5-b827-557766551111",
"message": "Message queued successfully"
}

Error Responses

If authentication fails, you'll receive a 401 Unauthorized response:

{
"error": {
"type": "authentication_error",
"message": "Invalid API key provided"
}
}

Security Best Practices

  • Never expose your API key in client-side code
  • Use environment variables to store your API key
  • Rotate your API keys regularly
  • Use different API keys for different environments (dev, staging, production)
  • Monitor API key usage in your dashboard

Rate Limits

API keys have rate limits based on your plan:

  • Free: 100 requests/hour
  • Pro: 10,000 requests/hour
  • Enterprise: Custom limits

Rate limit headers are included in every response:

X-RateLimit-Limit: 10000
X-RateLimit-Remaining: 9999
X-RateLimit-Reset: 1640995200

Next Steps