Sendara authenticates requests with an API key passed as a Bearer token in the Authorization header. Requests without a valid key return 401 unauthorized.
Authorization: Bearer sk_live_xxxScopes
Every key carries exactly one scope. Issue the narrowest scope each service needs.
- send — send messages and manage suppressions.
- read — read messages, events, and usage.
- admin — manage API keys, domains, and billing.
A request whose key lacks the required scope returns 403 forbidden.
Live vs test mode
Keys come in two modes. Live keys (sk_live_…) send real messages and are billed. Test keys (sk_test_…) simulate delivery — nothing is sent or billed, but your webhooks still fire so you can exercise your handlers end to end.
In test mode, the recipient address drives the simulated outcome: send to delivered@…, bounced@…, or complained@… to trigger that event.
sk_live_… in production.Creating & rotating keys
Create keys in the dashboard or over the API with an admin key. The plaintext secret is returned exactly once on creation — store it immediately.
curl https://api.sendara.dev/v1/keys \
-H "Authorization: Bearer sk_live_admin_xxx" \
-H "Content-Type: application/json" \
-d '{ "scope": "send", "test_mode": false }'Rotate a key to issue a new secret and invalidate the old one, or revoke it to disable it entirely. See the API keys reference.