Skip to main content
Overview Keys authenticate requests; optional scopes restrict capabilities for least privilege. Create & use
  • Settings → API → Create key.
  • Use Authorization: Bearer <key> or x-api-key: <key>.
Scopes
  • send_email for /api/v1/emails/*
  • read_sends for /api/v1/sends/{id}
  • preferences_read / preferences_manage for /api/v1/preferences
  • If no scopes present, default send permissions apply (backward compatibility).
Limits & rotation
  • Per-minute limit per key (optional); on 429, retry after Retry-After.
  • Rotate keys periodically; delete unused keys; audit last-used times.
Best practices
  • One key per service/environment with only required scopes.
  • Store server-side; never expose to client code.