Authentication
How to authenticate your API requests.
API Keys
All API requests require authentication using an API key. You can create and manage API keys in your dashboard. When creating a key, you can choose between production keys (which send real emails) and sandbox keys (which only log emails without delivering).
Using Your API Key
Include your API key in the Authorization header:
HTTP Header
Authorization: Token YOUR_API_KEY
Example Request
cURL
curl -X POST https://eml.dev/api/v1/emails \ -H "Authorization: Token em_live_abc123..." \ -H "Content-Type: application/json" \ -d '{"from": "...", "to": "...", "subject": "...", "body": "..."}'
Security Best Practices
- Keep keys secret. Never commit API keys to version control or expose them in client-side code.
- Use environment variables. Store API keys in environment variables or a secrets manager.
- Rotate keys regularly. Create new keys periodically and revoke old ones.
- Use test keys for development. Use sandbox mode API keys during development to avoid sending real emails.
Compromised key? If you suspect an API key has been compromised, revoke it immediately in your dashboard and create a new one.