API Keys
Programmatically manage your API keys, including creation, listing, and revocation.
Overview
The API Keys API gives you full control over your authentication credentials. You can generate new keys for specific applications, list all active keys with their last usage details, and revoke keys that are no longer needed.
Base URL
https://api.unsent.dev/v1/api-keysEndpoints
List API Keys
Retrieve a list of all API keys associated with your team. This endpoint returns metadata about each key, including its truncated value and last used timestamp.
Endpoint: GET /api-keys
Response Object
Returns an array of key objects:
id: Unique identifier for the key.name: Human-readable name given to the key.partialToken: Retrieval version of the token (e.g.,unsent_...1234).permission: Scope of the key (FULLorSENDING).createdAt: Date when the key was created.lastUsed: Date when the key was last used to authenticate a request.
Response Example
[
{
"id": "key_123abc",
"name": "Production App",
"partialToken": "unsent_...a1b2",
"permission": "FULL",
"createdAt": "2024-01-01T12:00:00.000Z",
"lastUsed": "2024-01-05T15:30:00.000Z"
}
]Create API Key
Generate a new API key. You can specify permissions to limit what the key can do.
Endpoint: POST /api-keys
Request Body
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
name | string | Yes | - | A descriptive name for the key. |
permission | string | No | FULL | Access level: FULL (all access) or SENDING (email sending only). |
Response Object
token: The full API key string. This is only returned once.
Response Example
{
"token": "unsent_live_1234567890abcdef1234567890abcdef"
}Delete API Key
Revoke an API key immediately. Once deleted, the key can no longer be used for authentication.
Endpoint: DELETE /api-keys/{id}
Path Parameters
| Param | Type | Required | Description |
|---|---|---|---|
id | string | Yes | The ID of the API key to delete. |
Response Example
{
"success": true
}