Skip to main content

API Authentication

SendSquared offers two types of API authentication methods, each designed for different use cases and security requirements.

API Key Types

Basic API Key (x-api-key)

Basic API keys are designed for client-side applications where the token might be exposed. This includes:

  • Web applications
  • Native mobile apps
  • Any public-facing site

These tokens have limited access and require additional authentication:

  • Header: x-api-key
  • Security: Less secure, requires domain validation
  • Origin Header: Must include an Origin or Referer header matching the domain the key is locked to
    • Automatically included in web browser requests
    • Must be manually added when using CURL or server-side requests

API Token (x-api-token)

API Tokens are similar to GitHub authentication tokens and provide full access with the permissions of the associated user.

  • Header: x-api-token
  • Security: Highly secure - never store in client-side code or insecure locations
  • Access: Full API access with user permissions
  • Use Cases: Server-to-server communication, backend services, secure environments
Security Warning

Never share your API Token via email or store it in version control. Treat it like a password - it provides full access to your account.

Example Usage

Using API Token with CURL

curl -X GET https://app-api.sendsquared.com/v1/reservations \
-H 'x-api-token: your-api-token-here'

Using Basic API Key with Origin Header

curl -X GET https://app-api.sendsquared.com/v1/public-endpoint \
-H 'x-api-key: your-api-key-here' \
-H 'Origin: https://yourdomain.com'

Choosing the Right Key Type

Use CaseRecommended Key TypeReason
Frontend web appBasic API KeyToken may be visible in browser
Mobile applicationBasic API KeyToken stored on device
Backend serviceAPI TokenSecure server environment
Automation scriptsAPI TokenFull access needed
Public API integrationBasic API KeyLimited access for security

Best Practices

  1. Never expose API Tokens in client-side code or public repositories
  2. Rotate keys regularly for enhanced security
  3. Use environment variables to store keys in your applications
  4. Monitor API usage to detect any unauthorized access
  5. Limit key permissions to only what's necessary for your use case

Need Help?

If you're unsure which key type is appropriate for your use case, consider:

  • Where the key will be stored
  • What level of access is needed
  • Whether the environment is secure

Contact support with details about your intended use case for personalized guidance on the most appropriate authentication method.