API Keys
API keys are the recommended way to authenticate with the TXTLINK API. They provide secure, scoped access to your account without exposing your password.
Getting Your API Key
To generate an API key, you need to:
- Have at least one approved sender ID in your account
- Log in to your TXTLINK dashboard
- Navigate to Settings → API Keys
- Click "Create API Key"
- Copy the key immediately—you won't be able to see it again!
API Key Types
Test Keys
Use test keys for development and testing. Messages sent with test keys are not delivered to real phone numbers.
Live Keys
Use live keys for production. Messages sent with live keys are delivered to real phone numbers and charged to your account.
Using API Keys
Include your API key in the Authorization header of every API request as a Bearer token:
# Using API Key in requests
curl -X POST https://api.txtlink.com/v1/sms/send \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"to": "+254712345678",
"message": "Hello from TXTLINK!",
"senderIdName": "TXTLINK"
}'Environment Variables
Store your API key in an environment variable. Never hardcode it in your source code.
# .env file
TXTLINK_API_KEY=sk_live_abc123xyz...Security Best Practices
- Never commit API keys to version control
- Use different keys for test and production environments
- Rotate keys regularly (at least every 90 days)
- Revoke keys immediately if compromised
- Use IP whitelisting for additional security (Enterprise plans)
Key Management
Creating Keys
You can create multiple API keys for different applications or environments. Each key is independent and can be revoked separately.
- Name your keys descriptively (e.g., "Production App", "Staging Server")
- Use test keys during development
- Switch to live keys only when ready for production
Revoking Keys
If a key is compromised or no longer needed, revoke it immediately from the dashboard. Revoked keys cannot be used for new requests.