Skip to main content
The Pindo SMS SDK authenticates every request using a Bearer token. You obtain this token from your Pindo account and pass it to the PindoSMS constructor. The SDK attaches it automatically to each API call via the Authorization header.

Get your API token

1

Sign in to Pindo

Go to app.pindo.io and sign in or create an account.
2

Open security settings

Navigate to Account → Security settings.
3

Copy your token

Copy the API token shown on the page.

Pass the token to the SDK

The PindoSMS constructor accepts the token as its first argument: 
import { PindoSMS } from 'pindo-sms';

const pindo = new PindoSMS(process.env.PINDO_API_TOKEN!);
The constructor signature in full: 
new PindoSMS(token: string, baseUrl?: string, version?: string)
ParameterTypeDefaultDescription
tokenstringYour Pindo API token
baseUrlstring'https://api.pindo.io'Base URL for the Pindo API
versionstring'v1'API version prefix
You rarely need to change baseUrl or version — the defaults work for all production use.

Store your token safely

Store your API token in a .env file and load it with dotenv. Never hard-code the token in source files.
.env
PINDO_API_TOKEN=your_token_here
index.ts
import 'dotenv/config';
import { PindoSMS } from 'pindo-sms';

const pindo = new PindoSMS(process.env.PINDO_API_TOKEN!);
Never commit your .env file or hard-code your API token in source code. Add .env to your .gitignore file immediately. A leaked token gives anyone full access to your Pindo account and SMS credits.
In production environments (CI/CD, cloud platforms), set PINDO_API_TOKEN as an environment variable or secret rather than using a .env file.

How authentication works

Every request the SDK makes includes the following HTTP header: 
Authorization: Bearer <token>
For example, a call to sendSMS sends: 
POST https://api.pindo.io/v1/sms/
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
Content-Type: application/json
If the token is missing or invalid, the Pindo API returns a 401 Unauthorized response. The SDK surfaces this as a rejected Promise, which you can catch with a standard try/catch block. 
import 'dotenv/config';
import { PindoSMS } from 'pindo-sms';

const pindo = new PindoSMS(process.env.PINDO_API_TOKEN!);

async function main() {
  try {
    const response = await pindo.sendSMS({
      to: '+250781234567',
      text: 'Hello!',
      sender: 'MyApp',
    });
    console.log('Success:', response);
  } catch (error) {
    // Authentication failures are surfaced here
    console.error('Request failed:', error);
  }
}

main();

Build docs developers (and LLMs) love

Get started for freeTalk to us