Skip to main content
API keys are used to authenticate requests to the Sendook API. Each API key is associated with an organization and provides full access to that organization’s resources.
API keys provide complete access to your organization. Keep them secure and never commit them to version control or expose them in client-side code.

Create API Key

curl -X POST https://api.sendook.com/v1/api_keys \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Production API Key"
  }'
Create a new API key for your organization.
The API key value is only returned once during creation. Store it securely - you won’t be able to retrieve it again.

Request Body

name
string
required
A descriptive name for the API key to help you identify its purpose.Cannot be empty or contain only whitespace.Example: "Production API Key", "Development Key", "CI/CD Pipeline"

Response

id
string
Unique identifier for the API key.
name
string
The descriptive name of the API key.
key
string
The actual API key value. This is only returned when creating the key.
Store this value securely. It will not be shown again.
organizationId
string
ID of the organization this API key belongs to.
active
boolean
Whether the API key is active. New keys are active by default.
createdAt
string
ISO 8601 timestamp of when the API key was created.
updatedAt
string
ISO 8601 timestamp of when the API key was last updated.

List API Keys

curl https://api.sendook.com/v1/api_keys \
  -H "Authorization: Bearer YOUR_API_KEY"
Retrieve all API keys for your organization.
For security reasons, the actual key values are never returned when listing API keys.

Response

Returns an array of API key objects.
id
string
Unique identifier for the API key.
name
string
The descriptive name of the API key.
organizationId
string
ID of the organization this API key belongs to.
active
boolean
Whether the API key is active.
createdAt
string
ISO 8601 timestamp of when the API key was created.
updatedAt
string
ISO 8601 timestamp of when the API key was last updated.

Get API Key

curl https://api.sendook.com/v1/api_keys/key_123 \
  -H "Authorization: Bearer YOUR_API_KEY"
Retrieve a specific API key by its ID.

Path Parameters

apiKeyId
string
required
The unique identifier of the API key to retrieve.

Response

id
string
Unique identifier for the API key.
name
string
The descriptive name of the API key.
organizationId
string
ID of the organization this API key belongs to.
active
boolean
Whether the API key is active.
createdAt
string
ISO 8601 timestamp of when the API key was created.
updatedAt
string
ISO 8601 timestamp of when the API key was last updated.

Delete API Key

curl -X DELETE https://api.sendook.com/v1/api_keys/key_123 \
  -H "Authorization: Bearer YOUR_API_KEY"
Delete an API key. Once deleted, the key can no longer be used to authenticate API requests.
This action is permanent and cannot be undone. Any applications using this API key will immediately lose access.

Path Parameters

apiKeyId
string
required
The unique identifier of the API key to delete.

Response

Returns the deleted API key object.
id
string
Unique identifier for the deleted API key.
name
string
The descriptive name of the API key.
organizationId
string
ID of the organization this API key belonged to.
active
boolean
Will be false for deleted keys.
createdAt
string
ISO 8601 timestamp of when the API key was created.
updatedAt
string
ISO 8601 timestamp of when the API key was last updated.

Authentication

API keys are used to authenticate all requests to the Sendook API. Include your API key in the Authorization header of each request: 
Authorization: Bearer YOUR_API_KEY

Example Request

curl https://api.sendook.com/v1/inboxes \
  -H "Authorization: Bearer sk_live_abc123..."

Security Best Practices

Store API keys in environment variables or secure secret management systems. Never hardcode them in your application code.
# Good
export SENDOOK_API_KEY=sk_live_abc123...

# Bad (never do this)
const apiKey = "sk_live_abc123...";
Regularly rotate your API keys for enhanced security:
  1. Create a new API key
  2. Update your applications to use the new key
  3. Delete the old API key
This minimizes the impact if a key is ever compromised.
Use different API keys for different environments:
  • Development
  • Staging
  • Production
This provides isolation and makes it easier to manage access.
Use descriptive names for your API keys to track which keys are used where. This makes it easier to identify and revoke compromised keys.

Error Responses

401 Unauthorized
  • Missing or invalid API key
  • Deleted or inactive API key
403 Forbidden
  • API key doesn’t have permission to access the requested resource

Build docs developers (and LLMs) love

Get started for freeTalk to us