Authentication
SendAPI authenticates your requests using API keys. If you do not include your key, or use an invalid or revoked key, SendAPI will return an HTTP 401 Unauthorized response.
All API requests MUST be made over HTTPS. Calls made over plain HTTP will fail.
Using Your API Key
You must authenticate to the SendAPI platform by providing your secret API key in the Authorization header. You can generate and manage your API keys from your SendAPI Dashboard (app.sendapi.co).
Bearer Token Format
Provide your API key as a Bearer token:
Authorization: Bearer sk_test_YOUR_API_KEYExample Context
curl https://api.sendapi.co/v1/whatsapp/send \
-H "Authorization: Bearer sk_live_YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"to": "+1234567890",
"message": "Hello world!"
}'import { SendAPI } from '@sendapi/node';
const client = new SendAPI('sk_live_YOUR_API_KEY');
// The client automatically attaches the authorization header
await client.whatsapp.send({
to: '+1234567890',
message: 'Hello world!'
});from sendapi import SendAPI
client = SendAPI('sk_live_YOUR_API_KEY')
# The client automatically attaches the authorization header
client.whatsapp.send(
to="+1234567890",
message="Hello world!"
)Key Types
Test Keys
API keys starting with sk_test_ bypass the actual external carrier networks (WhatsApp, Telecoms, Email providers). They simulate a successful API call but will never charge your account or send a real message. Use test keys extensively when developing locally or running CI/CD test suites.
Live Keys
API keys starting with sk_live_ execute real production traffic. They incur charges against your account balance and physically deliver messages to end-users. Keep your Live API keys perfectly secure.
Keep Your Keys Secret
Never commit your live API keys to GitHub, embed them in client-side code (like React, Vue, or mobile apps), or publish them in public forums. If a key is compromised, immediately revoke it from the dashboard.