Authentication
All API requests require a Bearer token (API key).
API Key Authentication
Include your API key in the Authorization header:
Authorization: Bearer sk_your_api_key_herehttp
Key Details
- API keys start with
sk_and are 68 characters long. - Each key is scoped to your organization with granular module permissions.
- Rate limiting: 100 requests/minute per key.
- Keys support rotation, expiration dates, and environment labels (production, staging, development).
Permissions
Each API key has granular permissions per module.
| Module | Permissions |
|---|---|
sendinbox_readinbox_replyhistory | |
sendreceivetemplateshistory | |
| sms | sendreceivehistory |
| tracking | readexport |
| suppressions | readwrite |
| webhooks | readwrite |
| verify | use |
| ai | conversationsdraftsgenerateagents_readkb_read |
| contacts | readwrite |
Error Responses
All errors follow a consistent format:
{
"success": false,
"error": {
"code": "UNAUTHORIZED",
"message": "Invalid or missing API key"
}
}json
Common error codes:
| HTTP | Code | Description |
|---|---|---|
| 401 | UNAUTHORIZED | Missing or invalid API key |
| 403 | FORBIDDEN | API key lacks required permission |
| 429 | RATE_LIMITED | Too many requests (100/min limit) |
| 400 | VALIDATION_ERROR | Invalid request body or parameters |