DocumentationAPI keys and scopes

API keys and scopes

Create keys, assign permissions, and rotate credentials.

API keys provide programmatic access limited by scopes. Manage them from the dashboard or via POST /tenants/:id/api-keys (JWT).

Create a key

  1. Dashboard → Settings → API keys → Create
  2. Choose a descriptive name (prod-nextjs, staging-crm)
  3. Select only the scopes you need (principle of least privilege)
  4. Copy the full key — it is shown only once

Stored format: SHA-256 hash in the database; the plaintext key cannot be recovered.

Available scopes

ScopeUse
email:sendPOST /emails/send, batch, scheduled
email:readGET /emails/logs, cancel scheduled
templates:read / templates:writeReserved; templates use JWT in current practice
contacts:read / contacts:writeAudience and GDPR erasure
campaigns:read / campaigns:writeNewsletter campaigns
sequences:read / sequences:writeAutomated sequences (API)
suppressions:read / suppressions:writeSuppression list
webhooks:manageOutbound webhook endpoints

If a scope is missing, the API responds with 403 and message Missing required API key scope.

Rotation

  1. Create a new key with the same scopes
  2. Update secrets in your deployment
  3. Revoke the old key (DELETE /tenants/:id/api-keys/:keyId)