Every request to the Sentvia API must include a valid Bearer API key. There are no cookies, sessions, or OAuth flows — just a single header that you attach to every call. This page explains where to get a key, how to pass it, and how to manage keys safely across environments.
Base URL
All Sentvia endpoints live under the following base URL. Append any path from the API reference directly to it.
https://sentvia-api-production.up.railway.app/v1
Content-Type: application/json on requests that include a body.
API keys
Sentvia authenticates every request with a Bearer API key. You create and manage keys from the Sentvia dashboard under API keys. A key looks like this:
Pass your key in the Authorization header on every request:
curl https://sentvia-api-production.up.railway.app/v1/inboxes \
-H "Authorization: Bearer sv_live_…"
Never ship an API key in client-side code or commit one to source control. Store keys in environment variables or a secrets manager, and load them at runtime — never hard-code them.
Key management
Sentvia gives you fine-grained control over the keys in your workspace:
- Multiple keys per workspace — issue a separate key for each service, environment, or integration so you can revoke one without affecting the others.
- Rotate freely — create a new key, deploy it to your service, then revoke the old key. Revocation takes effect instantly across all infrastructure.
- Last-used tracking — the dashboard records when each key was last used, making it straightforward to identify and retire stale keys before they become a risk.
Errors
A missing or invalid key returns a 401 Unauthorized response:
{ "error": "invalid token" }
Authorization: Bearer header and that the key has not been revoked in the dashboard. For the full list of status codes and error shapes, see Error handling.