API Keys
Authenticate requests to Sendable with session-scoped API keys.
Creating an API Key
- Navigate to your Dashboard
- Select the session you want to use
- Go to the "API Keys" tab
- Click "Generate New Key"
- Copy the key immediately (it's only shown once)
Using API Keys
Include your API key in the x-api-key header of every request:
curl -X POST "https://api.sendable.dev/messages/send" \
-H "x-api-key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{"to":"6281234567890","text":"Hello"}'Best Practices
Store Keys Securely
Never commit API keys to version control. Use environment variables:
## .env
SENDABLE_API_KEY=your_api_key_here// config.ts
export const SENDABLE_API_KEY = process.env.SENDABLE_API_KEY
if (!SENDABLE_API_KEY) {
throw new Error('SENDABLE_API_KEY is required')
}Use Separate Keys for Different Environments
Create different keys for development, staging, and production:
| Environment | Session | API Key |
|---|---|---|
| Development | dev-session | sk_dev_xxx |
| Staging | staging-session | sk_staging_xxx |
| Production | prod-session | sk_prod_xxx |
Rotate Keys Regularly
Rotate your API keys every 90 days:
- Generate a new key
- Update your application configuration
- Revoke the old key
- Monitor for any errors
Revoke Compromised Keys
If you suspect a key has been compromised:
- Revoke the key immediately in the dashboard
- Generate a new key
- Update your application
- Review API logs for unauthorized usage
Key Permissions
API keys inherit permissions from their associated session:
- Send messages
- Receive webhooks
- Access session status
- Manage webhooks
Error Handling
Invalid or expired keys return a 401 Unauthorized error:
{
"success": false,
"error": {
"code": "UNAUTHORIZED",
"message": "Invalid or expired API key"
}
}See Error Handling for more details.