SendMailOS
Docs/Authentication

Authentication

Secure your API requests using Bearer token authentication.

API Keys

SendMailOS uses API keys to authenticate requests. You can create and manage API keys from your dashboard.

Live Keys

For production use

Live keys send real emails and count against your quota. Use these in production environments.

sk_live_...

Test Keys

For development

Test keys simulate email sending without actual delivery. Use these during development.

sk_test_...

Master Keys

For agencies & SaaS platforms

Master keys access all workspaces with a single key. Ideal for SaaS platforms managing multiple clients. Specify workspace_id in each request.

sk_live_... (master)

Making Authenticated Requests

Include your API key in the Authorization header using the Bearer scheme.

http
Authorization: Bearer sk_live_your_api_key_here
bash
curl -X POST https://api.sendmailos.com/api/v1/send \
  -H "Authorization: Bearer sk_live_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"to": "[email protected]", "subject": "Hello"}'

Security Best Practices

Never expose API keys in client-side code

API keys should only be used in server-side code. Exposing them in frontend JavaScript allows anyone to make API calls on your behalf.

Use environment variables

Store API keys in environment variables, never in source code.

Rotate keys regularly

Periodically generate new API keys and revoke old ones.

Use separate keys for environments

Use test keys in development and live keys only in production.

Add .env to .gitignore

Never commit environment files containing API keys to version control.

.env
env
# Development
SENDMAILOS_API_KEY=sk_test_your_test_key

# Production (set in your hosting platform)
SENDMAILOS_API_KEY=sk_live_your_live_key

Authentication Errors

If authentication fails, you'll receive one of these error responses:

401 Unauthorized

Missing or invalid API key

json
{
  "success": false,
  "error": "Invalid API key",
  "code": "UNAUTHORIZED"
}
403 Forbidden

API key doesn't have access to the requested resource

json
{
  "success": false,
  "error": "Domain not verified for this organization",
  "code": "FORBIDDEN"
}

Managing API Keys

Create, view, and revoke API keys from your dashboard.

1

Go to Settings

Navigate to Dashboard → Settings → API Keys

2

Generate a new key

Click "Create API Key" and give it a descriptive name

3

Copy your key

Copy the key immediately—you won't be able to see it again

Go to API Settings

Next Steps

API Reference

Explore all available endpoints

Rate Limits

Understand usage quotas