This page explains how to authenticate requests to the SendPromptly API for the MVP.
API key (Bearer token)
SendPromptly uses API keys for authentication. Include the key in requests using the Authorization header with the Bearer scheme.
Example (curl):
curl -H "Authorization: Bearer $SENDPROMPTLY_API_KEY" \
-H "Content-Type: application/json" \
"https://api.sendpromptly.com/v1/notifications"
Where to find or create API keys
- API keys are issued per-account or per-project in your SendPromptly dashboard.
- For the MVP, a single API key per project is sufficient. Store the key in a secure place (environment variable, secrets manager).
Project scoping
If your deployment uses project scoping, include the project field in POST bodies (see Quick Start) or set the request-scoped project header (if supported by your deployment). Example body field:
{
"project": "proj_abcdef123",
"to": "user_123",
"subject": "Hi",
"body": "Hello"
}
Common responses
401 Unauthorized— missing or invalid API key.403 Forbidden— API key does not have permission for the requested project.429 Too Many Requests— rate-limited; backoff and retry.
Best practices
- Keep keys secret; do not embed them in client-side code.
- Rotate keys regularly and revoke compromised ones.
- Use project-scoped keys for separation between environments (staging/production).
If you need help issuing API keys, check your dashboard or contact support.