Skip to main content

API Key Authentication

All requests to the SendPilot API must be authenticated using an API key. Include your API key in the X-API-Key header of every request: 
curl https://api.sendpilot.ai/api/v1/campaigns \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json"

Obtaining API Keys

API keys are created through the SendPilot dashboard:
  1. Log in to your SendPilot account
  2. Navigate to IntegrationsAPI Keys
  3. Click Create API Key
  4. Give your key a descriptive name
  5. Copy and securely store your API key
API keys are only shown once when created. Store them securely immediately.

API Key Security

Your API keys carry sensitive privileges. Keep them secure at all times.

Best Practices

  • Never commit API keys to version control (use environment variables)
  • Rotate keys regularly for enhanced security
  • Use descriptive names to track which key is used where
  • Revoke unused keys through the dashboard
  • Monitor usage for unexpected patterns

Storing Keys Securely

Store API keys in environment variables or a secure secrets management system: 
# .env file (never commit this)
SENDPILOT_API_KEY=sp_live_abc123xyz...

// Node.js example
const apiKey = process.env.SENDPILOT_API_KEY;

const response = await fetch('https://api.sendpilot.ai/api/v1/campaigns', {
  method: 'GET',
  headers: {
    'X-API-Key': apiKey,
    'Content-Type': 'application/json'
  }
});

# Python example
import os
import requests

api_key = os.environ.get('SENDPILOT_API_KEY')

response = requests.get(
    'https://api.sendpilot.ai/api/v1/campaigns',
    headers={
        'X-API-Key': api_key,
        'Content-Type': 'application/json'
    }
)

Error Responses

401 Unauthorized

Returned when authentication fails: 
{
  "statusCode": 401,
  "message": "Invalid API key",
  "error": "Unauthorized"
}
Common causes:
  • Missing X-API-Key header
  • Invalid API key
  • Revoked API key

403 Forbidden

Returned when authentication succeeds but you lack permission: 
{
  "statusCode": 403,
  "message": "API key does not have permission to access this workspace",
  "error": "Forbidden"
}
Common causes:
  • API key belongs to a different workspace
  • Trying to access another user’s resources

Scoping

Each API key is scoped to a specific workspace. You can only access campaigns and leads within the workspace associated with your API key.