TXTLINK

Authentication

TXTLINK API supports two authentication methods: API keys (recommended) and username/password. Choose the method that works best for your application.

Authentication Methods

API Key (Recommended)

Recommended

Use API keys for production applications. More secure and easier to manage.

Bearer sk_live_...

Username/Password

Use your account credentials. Great for testing and simple integrations.

Basic Auth or body

API Key Types

Test Keys

Use test keys for development. Messages sent with test keys are not delivered to real phone numbers.

sk_test_...

Live Keys

Use live keys for production. Messages sent with live keys are delivered to real phone numbers and charged to your account.

sk_live_...

Using API Keys

Include your API key in the Authorization header of every API request as a Bearer token:

bash
curl https://api.txtlink.com/v1/sms/send \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "to": "+254712345678",
    "message": "Hello from TXTLINK",
    "senderIdName": "TXTLINK"
  }'

Getting Your API Key

Generate API keys from Settings → API Keys in your dashboard. You'll need at least one approved sender ID first.

Using Username/Password

You can authenticate using your account email and password in two ways:

Use HTTP Basic Authentication. This is the standard and most secure method:

bash
curl https://api.txtlink.com/v1/sms/send \
  -u "your-email@example.com:your-password" \
  -H "Content-Type: application/json" \
  -d '{
    "to": "+254712345678",
    "message": "Hello from TXTLINK",
    "senderIdName": "TXTLINK"
  }'

Security Note

While username/password authentication is convenient, API keys are more secure for production use. Consider rotating passwords regularly and never commit credentials to version control.

Environment Variables

Store your API key in an environment variable. Never hardcode it in your source code.

.env
bash
# .env file
TXTLINK_API_KEY=sk_live_abc123xyz...

Security Best Practices

  • Never commit API keys to version control
  • Use different keys for test and production environments
  • Rotate keys regularly
  • Use IP whitelisting for additional security

Key Rotation

Regularly rotate your API keys to maintain security. You can create new keys and revoke old ones from the dashboard without service interruption.

  1. Generate a new API key in Settings → API Keys
  2. Update your environment variables with the new key
  3. Test that your application works with the new key
  4. Revoke the old key once you've confirmed everything works

IP Whitelisting

For additional security, you can restrict API key usage to specific IP addresses. This prevents unauthorized access even if your key is compromised.

IP Whitelisting

IP whitelisting is available for Enterprise plans. Contact support to enable this feature.