Authentication

SendPipe uses API keys for programmatic access and session tokens for dashboard access. Each API key is scoped to a single project.

API Key Authentication

Pass your API key in the X-SendPipe-Key header with every request. The key identifies both your organization and project.

curl https://api.sendpipe.io/v1/messages \
  -H "X-SendPipe-Key: sp_live_xxxxxxxxxxxxxxxx"

Project Scoping

Every API key belongs to exactly one project. When you authenticate with a key, all operations are automatically scoped to that project's providers, domains, and message logs. Different projects = different API keys.

Session Authentication

The dashboard uses session-based authentication with Bearer tokens. This is for the web interface only — use API keys for programmatic access.

# Login to get a session token
curl -X POST https://api.sendpipe.io/v1/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email": "you@company.com", "password": "your_password"}'

# Use the token
curl https://api.sendpipe.io/v1/auth/me \
  -H "Authorization: Bearer ses_xxxxxxxxxxxxxxxx"

Rate Limits

Rate limits are applied at two levels:

Rate limit info is returned in response headers: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset.

Managing API Keys

Create and manage API keys from the dashboard or via the API. The plaintext key is shown once at creation and never stored.

# Create an API key for a project
curl -X POST https://api.sendpipe.io/v1/projects/transactional/keys \
  -H "Authorization: Bearer ses_xxx" \
  -H "Content-Type: application/json" \
  -d '{"name": "Production server"}'

# Response (key shown once):
# {
#   "id": "key_abc123",
#   "name": "Production server",
#   "key": "sp_live_xxxxxxxxxxxxxxxxxxxx",
#   "created_at": "2026-03-27T10:00:00Z"
# }