AhaSend uses API keys to authenticate requests. Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth. All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

API Key Format

AhaSend API keys follow this format: 
aha-sk-64-CHARACTER-RANDOM-STRING
Keep your API keys secure and never expose them in client-side code, version control, or logs.

Obtaining Your API Key

  1. Log in to your AhaSend dashboard
  2. Navigate to API Keys
  3. Click “Create API Key”
  4. Select the appropriate scopes for your use case
  5. Copy and securely store your new API key
API keys are only displayed once during creation. Make sure to copy and store them securely.

Making Authenticated Requests

Authentication to the API is performed via HTTP Bearer Authentication. Provide your API key in the Authorization header: 
curl https://api.ahasend.com/v2/messages \
  -H "Authorization: Bearer aha-sk-your-api-key-here" \
  -H "Content-Type: application/json"

Security Best Practices

Server-Side Only

Only use API keys in server-side applications. Never include them in client-side code.

Secure Storage

Store API keys in environment variables or secure configuration management systems.

Principle of Least Privilege

Create API keys with only the minimum scopes required for your use case.

Regular Rotation

Regularly rotate your API keys and immediately revoke any compromised keys.

Environment Variables

Store your API key as an environment variable: 
export AHASEND_API_KEY="aha-sk-your-api-key-here"

Testing Authentication

You can test your authentication by making a simple request to the Ping utility endpoint: 
curl https://api.ahasend.com/v2/ping \
  -H "Authorization: Bearer aha-sk-your-api-key-here"
If you’re getting authentication errors, double-check that your API key is correct and that it has the necessary scopes for the endpoint you’re trying to access.

Next Steps

Now that you understand authentication, you can: