Authentication

Learn how to authenticate your requests to the SuperSend API using API keys.

The SuperSend API uses API keys to authenticate requests. You can view your API key in the Organization Admin Settings page.

Response Format

V2 endpoints (and app-compat V1 endpoints) return a standardized response with success, data (or message), and request_id. Legacy V1 endpoints may return different shapes. Errors return:

json

{
  "error": {
    "type": "authentication_error",
    "code": "authentication_required",
    "message": "Authentication required",
    "doc_url": "https://docs.supersend.io/docs/errors#authentication_required"
  },
  "request_id": "req_a1b2c3d4e5f6789012345678"
}

Obtaining Your API Key

Click on your organization name in the top navigation

Go to Admin → System tab

Your API key is displayed there (one key per user account)

Your API key looks like this:

BBMRRJ2-T424J8W-K9PQZZR-BOP924

⚠️

Keep your API key secure

Your API key provides full access to your SuperSend account. Never share it in public repositories, client-side code, or expose it in browser requests.

Making Authenticated Requests

Include your API key in the Authorization header of every request using the Bearer token format:

V1 API

bash

curl https://api.supersend.io/v1/contacts \
  -H "Authorization: Bearer YOUR_API_KEY"

V2 API

bash

curl https://api.supersend.io/v2/teams \
  -H "Authorization: Bearer YOUR_API_KEY"

Example in Different Languages

Node.js

javascript

// V2 API example
const response = await fetch('https://api.supersend.io/v2/teams', {
  headers: {
    'Authorization': 'Bearer YOUR_API_KEY',
    'Content-Type': 'application/json'
  }
});const data = await response.json();

Python

python

import requests
# V2 API example
response = requests.get(
    'https://api.supersend.io/v2/teams',
    headers={
        'Authorization': 'Bearer YOUR_API_KEY',
        'Content-Type': 'application/json'
    }
)data = response.json()

Authentication Errors

V1 API Response

V1 returns various error formats:

json

{
  "success": false,
  "error": "Invalid or missing API key"
}

V2 API Response

V2 returns a standardized error format with HTTP 401 status:

json

{
  "error": {
    "type": "authentication_error",
    "code": "unauthorized",
    "message": "Authentication required",
    "doc_url": "https://docs.supersend.io/docs/errors#unauthorized"
  },
  "request_id": "req_a1b2c3d4e5f6789012345678"
}

Common causes:

Missing Authorization header

Invalid API key format (must include "Bearer " prefix)

Incorrect API key

Best Practices

Environment Variables

Store your API key in environment variables, never in source code:

bash

# .env file
SUPERSEND_API_KEY=BBMRRJ2-T424J8W-K9PQZZR-BOP924

javascript

// Access in code
const apiKey = process.env.SUPERSEND_API_KEY;

Server-Side Only

Always make API calls from your server, never from client-side code. Your API key should never be exposed in:

Browser JavaScript

Mobile app code

Public repositories

Client-side environment variables

API Key Management

ℹ️

One API Key Per Account

Each SuperSend account has one API key. If you need to revoke access, contact support@supersend.io to regenerate your key.

To view your API key:

Go to Organization Admin Settings

Your API key is displayed in the System tab

Click "Copy" to copy it to your clipboard

V1 vs V2 Authentication

Both V1 and V2 APIs use the same API key and authentication method. The only difference is the base URL:

Version	Base URL
V1	`https://api.supersend.io/v1`
V2	`https://api.supersend.io/v2`

V2 is recommended for new integrations due to better error handling and standardized responses.