Skip to main content
All API requests require authentication using an API key.

API Keys

Unosend uses API keys to authenticate requests. You can create and manage API keys in your dashboard under API Keys.

API Key Format

All Unosend API keys are prefixed with un_ for easy identification: 
un_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Using the Authorization Header

Include your API key in the Authorization header as a Bearer token:
HTTP Header
Authorization: Bearer un_your_api_key

Example Request

cURL
curl -X POST https://www.unosend.co/api/v1/emails \
  -H "Authorization: Bearer un_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "from": "[email protected]",
    "to": ["[email protected]"],
    "subject": "Hello World",
    "html": "<h1>Hello!</h1>"
  }'

Code Examples

Here’s how to authenticate in different languages: 
const response = await fetch('https://www.unosend.co/api/v1/emails', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${process.env.UNOSEND_API_KEY}`,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    from: '[email protected]',
    to: ['[email protected]'],
    subject: 'Hello World',
    html: '<h1>Hello!</h1>'
  })
});

Creating API Keys

To create a new API key:
  1. Go to your Dashboard → API Keys
  2. Click “Create API Key”
  3. Give your key a descriptive name (e.g., “Production Server”)
  4. Select permissions and restrictions if needed
  5. Click “Create” and copy your key immediately
Important: Your API key is only shown once. Store it securely in environment variables or a secrets manager. Never commit API keys to version control.

Key Management

PermissionDescription
Full AccessRead and write access to all resources
Read OnlyView-only access to resources
Send OnlyCan only send emails, no other operations

Security Best Practices

Use Environment Variables

Store API keys in environment variables, not in code

Rotate Keys Regularly

Create new keys periodically and revoke old ones

Limit Permissions

Use keys with minimal required permissions

Monitor Usage

Review API usage logs for unusual activity

Do’s and Don’ts

  • Store keys in environment variables
  • Use different keys for development and production
  • Rotate keys after team member departures
  • Monitor API usage regularly

Error Responses

If authentication fails, you’ll receive one of these errors:
401 Unauthorized
{
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Invalid or missing API key"
  }
}
403 Forbidden
{
  "error": {
    "code": "FORBIDDEN",
    "message": "API key does not have permission for this action"
  }
}

Next Steps

Send Your First Email

Follow our quick start guide

API Reference

Explore all API endpoints