API Keys
GET /v1/api-keys
Returns all API keys for the authenticated user account.
List API Keys
bash
curl https://sendapi.co/v1/api-keys \
-H "Authorization: Bearer sk_live_123456789"javascript
const keys = await client.account.keys.list();Response
json
{
"data": [
{
"id": "key_01H9...XQ",
"name": "Production",
"prefix": "sk_live_123...",
"scopes": ["whatsapp:read", "whatsapp:write", "sms:write", "email:write"],
"last_used_at": "2026-03-09T14:30:00Z",
"expires_at": null,
"created_at": "2026-03-01T00:00:00Z"
}
]
}Create an API Key
API keys must be created from the dashboard. The full key is only shown once at creation time — store it securely.
Store Your Key Securely
The full API key value is shown only once at creation time. If you lose it, you must revoke the key and create a new one. Store it in a secrets manager or environment variable — never in source code.
Key Scopes
API keys can be scoped to restrict access to specific resources:
| Scope | Permissions |
|---|---|
whatsapp:read | Read sessions, messages, contacts |
whatsapp:write | Create sessions, send messages |
sms:write | Send SMS messages |
email:write | Send emails |
verify:write | Send OTPs and verify codes |
account:read | Read usage and billing info |
admin | Full access to all resources |
Revoke a Key
Keys can be revoked from the dashboard. Revoking a key immediately invalidates it — any requests using that key will receive a 401 Unauthorized response.