send0
API Reference

API Keys

Create and manage API keys for authentication.

Create an API key

POST /v1/keys

Creates a new API key for authenticating requests.

Body parameters

ParameterTypeRequiredDescription
namestringYesDescriptive name for the key
modestringNolive, test, or restricted (default: live)
scopesstring[]NoPermission scopes (required for restricted mode)
allowed_ipsstring[]NoCIDR allowlist (e.g. ["10.0.0.0/8"])

TypeScript SDK

const key = await send0.keys.create({
  name: 'Production API Key',
  mode: 'live',
});

Python SDK

key = client.keys.create(
    name="Production API Key",
    mode="live",
)
print(key.key)  # sk_live_... (shown once)

Go SDK

key, err := client.Keys.Create(ctx, &send0.CreateKeyParams{
    Name: "Production API Key",
    Mode: "live",
})
fmt.Println(key.Key) // sk_live_... (shown once)

curl

curl -X POST https://api.send0.dev/v1/keys \
  -H "Authorization: Bearer sk_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Production API Key",
    "mode": "live"
  }'

Response (201)

{
  "id": "key_5mKpLvRw9nQx",
  "object": "api_key",
  "name": "Production API Key",
  "key": "sk_live_abc123...",
  "mode": "live",
  "scopes": ["*"],
  "created_at": "2026-04-12T10:30:00Z"
}

Important: The full API key (key field) is only shown once in the creation response. Store it securely — it cannot be retrieved again. Keys are stored as SHA-256 hashes.

List API keys

GET /v1/keys

Returns a list of all API keys for your workspace. Keys are masked, showing only the last 4 characters.

TypeScript SDK

const keys = await send0.keys.list();

Python SDK

result = client.keys.list()
for key in result.data:
    print(key.id, key.name, key.mode)

Go SDK

list, err := client.Keys.List(ctx)
for _, key := range list.Data {
    fmt.Println(key.ID, key.Name, key.Mode)
}

curl

curl https://api.send0.dev/v1/keys \
  -H "Authorization: Bearer sk_live_..."

Response (200)

{
  "data": [
    {
      "id": "key_5mKpLvRw9nQx",
      "object": "api_key",
      "name": "Production API Key",
      "key_hint": "...c123",
      "mode": "live",
      "scopes": ["*"],
      "created_at": "2026-04-12T10:30:00Z",
      "last_used_at": "2026-04-14T08:15:00Z"
    }
  ],
  "has_more": false,
  "cursor": null
}

Revoke an API key

DELETE /v1/keys/:id

Immediately revokes the key. All requests using this key will return 401 Unauthorized.

TypeScript SDK

await send0.keys.revoke('key_5mKpLvRw9nQx');

Python SDK

client.keys.revoke("key_5mKpLvRw9nQx")

Go SDK

err := client.Keys.Revoke(ctx, "key_5mKpLvRw9nQx")

curl

curl -X DELETE https://api.send0.dev/v1/keys/key_5mKpLvRw9nQx \
  -H "Authorization: Bearer sk_live_..."

Response (200)

{
  "id": "key_5mKpLvRw9nQx",
  "object": "api_key",
  "deleted": true
}

Key prefixes

PrefixTypeDescription
sk_live_ProductionReal email sending
sk_test_TestSandbox mode, no real delivery
sk_restr_RestrictedScoped permissions

Create a restricted key

Restricted keys have scoped permissions and optional IP allowlists. Use them to limit access to specific operations.

Available scopes

ScopeDescription
emails:sendSend emails and batch sends
emails:readRead and list emails
contacts:writeCreate, update, delete contacts
contacts:readRead and list contacts
templates:writeCreate, update, delete templates
templates:readRead and list templates
domains:writeAdd, verify, delete domains
domains:readRead and list domains
webhooks:manageManage webhook endpoints
keys:manageManage API keys

TypeScript SDK

const key = await send0.keys.create({
  name: 'Email sender only',
  mode: 'restricted',
  scopes: ['emails:send', 'emails:read'],
  allowed_ips: ['10.0.0.0/8', '192.168.1.0/24'],
});

Python SDK

key = client.keys.create(
    name="Email sender only",
    mode="restricted",
    scopes=["emails:send", "emails:read"],
    allowed_ips=["10.0.0.0/8", "192.168.1.0/24"],
)

Go SDK

key, err := client.Keys.Create(ctx, &send0.CreateKeyParams{
    Name:       "Email sender only",
    Mode:       "restricted",
    Scopes:     []string{"emails:send", "emails:read"},
    AllowedIPs: []string{"10.0.0.0/8", "192.168.1.0/24"},
})

Note: Restricted keys return 403 insufficient_scope when accessing endpoints outside their scopes. Requests from IPs outside the allowlist return 403 ip_not_allowed.

Security best practices

  • Never expose API keys in client-side code or version control
  • Use environment variables to store keys
  • Use test mode keys (sk_test_) during development
  • Rotate keys periodically from the dashboard
  • Use restricted keys (sk_restr_) for limited access

Webhooks

Configure webhook endpoints to receive event notifications.

Migration Guides

Migrate to send0 from other email providers.

On this page

Create an API keyBody parametersTypeScript SDKPython SDKGo SDKcurlResponse (201)List API keysTypeScript SDKPython SDKGo SDKcurlResponse (200)Revoke an API keyTypeScript SDKPython SDKGo SDKcurlResponse (200)Key prefixesCreate a restricted keyAvailable scopesTypeScript SDKPython SDKGo SDKSecurity best practices