Authentication
How to authenticate with the Envloped API
Authentication
All Envloped API requests require authentication using an API key. This guide shows you how to get your API key and use it in your requests.
Getting Your API Key
- Log in to your Envloped dashboard
- Navigate to Settings → API Keys
- Click Create API Key
- Give your key a descriptive name (e.g., "Production Server")
- Copy the key immediately - it won't be shown again
Using Your API Key
Include your API key in the Authorization header of every request:
Authorization: Bearer YOUR_API_KEYcURL Example
curl -X POST https://api.envloped.com/v1/emails \
-H "Authorization: Bearer en_abc123..." \
-H "Content-Type: application/json" \
-d '{"to": "user@example.com", "subject": "Hello"}'JavaScript Example
const response = await fetch('https://api.envloped.com/v1/emails', {
method: 'POST',
headers: {
'Authorization': 'Bearer en_abc123...',
'Content-Type': 'application/json',
},
body: JSON.stringify({
from: 'hello@yourdomain.com',
to: 'user@example.com',
subject: 'Hello from Envloped',
html: '<p>Welcome!</p>',
}),
});
const data = await response.json();Python Example
import requests
response = requests.post(
'https://api.envloped.com/v1/emails',
headers={
'Authorization': 'Bearer en_abc123...',
'Content-Type': 'application/json',
},
json={
'from': 'hello@yourdomain.com',
'to': 'user@example.com',
'subject': 'Hello from Envloped',
'html': '<p>Welcome!</p>',
}
)
print(response.json())Security Best Practices
- Never expose your API key in client-side code or public repositories
- Use environment variables to store your API key
- Rotate keys regularly, especially if you suspect they may have been compromised
- Use separate keys for development and production environments
- Delete unused keys from your dashboard
Environment Variables
We recommend storing your API key in an environment variable:
# .env file (never commit this!)
ENVLOPED_API_KEY=en_abc123...// Access in your code
const apiKey = process.env.ENVLOPED_API_KEY;Error Responses
If authentication fails, you'll receive a 401 Unauthorized response:
{
"error": {
"code": "unauthorized",
"message": "Invalid or missing API key"
}
}Common causes:
- Missing
Authorizationheader - Invalid or revoked API key
- Incorrect header format (must be
Bearer YOUR_KEY)