Authentication
PostStack uses API keys to authenticate requests. Include your key in the Authorization header of every request.
API Key Authentication
Pass your API key in the Authorization header using the Bearer scheme:
curl https://api.poststack.dev/emails \
-H "Authorization: Bearer sk_live_..." \
-H "Content-Type: application/json"With the SDK, pass your key when initializing the client:
import { PostStack } from '@poststack.dev/sdk';
const poststack = new PostStack('sk_live_...');Creating API Keys
Create and manage API keys from the PostStack dashboard under Settings → API Keys. Your secret key is shown only once at creation -- store it securely.
Never expose your API key in client-side code, public repositories, or browser requests. Always use it server-side only.
Permission Levels
API keys support two permission levels:
| Permission | Description | Access |
|---|---|---|
full_access | Complete API access | Send emails, manage domains, contacts, templates, webhooks |
sending_access | Send-only access | Send emails and view email status only |
Domain-Scoped Keys
You can optionally scope an API key to specific verified domains. A domain-scoped key can only send emails from addresses on its allowed domains.
{
"name": "Marketing emails only",
"permission": "sending_access",
"domain_ids": ["dom_abc123", "dom_def456"]
}SMTP Authentication
If you prefer to send emails via SMTP relay, use the following credentials:
| Setting | Value |
|---|---|
| Username | poststack |
| Password | sk_live_... (your API key) |