Overview
API Authentication
Learn how to authenticate your requests using AhaSend API keys
Authentication
AhaSend uses API keys to authenticate requests. Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth. All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.API Key Format
AhaSend API keys follow this format:Keep your API keys secure and never expose them in client-side code, version control, or logs.
Obtaining Your API Key
- Log in to your AhaSend dashboard
- Navigate to API Keys
- Click “Create API Key”
- Select the appropriate scopes for your use case
- Copy and securely store your new API key
API keys are only displayed once during creation. Make sure to copy and store them securely.
Making Authenticated Requests
Authentication to the API is performed via HTTP Bearer Authentication. Provide your API key in theAuthorization header:
Security Best Practices
Server-Side Only
Only use API keys in server-side applications. Never include them in client-side code.
Secure Storage
Store API keys in environment variables or secure configuration management systems.
Principle of Least Privilege
Create API keys with only the minimum scopes required for your use case.
Regular Rotation
Regularly rotate your API keys and immediately revoke any compromised keys.
Environment Variables
Store your API key as an environment variable:Testing Authentication
You can test your authentication by making a simple request to the Ping utility endpoint:If you’re getting authentication errors, double-check that your API key is correct and that it has the necessary scopes for the endpoint you’re trying to access.
Next Steps
Now that you understand authentication, you can:- Explore API Scopes to understand permission levels
- Check Rate Limits to understand usage restrictions
- Start sending messages with the API