Security
Authentication
All API requests require authentication using an API key.
API Keys
API keys are used to authenticate requests to the ArtaMail API. You can create and manage API keys in your Dashboard Settings.
Key Types
| Prefix | Type | Description |
|---|---|---|
am_live_sk_* | Live Secret Key | For production use. Sends real emails. |
am_test_sk_* | Test Secret Key | For development. No emails sent, no database writes. |
Keep your keys secure
Never expose your API keys in client-side code, public repositories, or share them publicly. API keys should only be used in server-side code.
Using API Keys
Include your API key in the Authorization header as a Bearer token:
Terminal
curl -X POST https://artamail.artatol.com/api/v1/emails/send \ -H "Authorization: Bearer am_live_sk_your_key_here" \ -H "Content-Type: application/json" \ -d '{"to": "[email protected]", "template": "welcome"}'With SDKs
When using our SDKs, configure the API key via environment variables:
.env.local
ARTAMAIL_API_KEY=am_live_sk_your_key_hereThe SDK will automatically read the API key from the environment variable.
Test Mode
When using test API keys (am_test_sk_*), requests are processed but no side effects occur:
- Emails are not actually sent
- Contacts are not persisted to the database
- Responses include
test_mode: true - You can safely test your integration without affecting real data
json
{ "id": "test_email_abc123", "status": "queued", "test_mode": true}Authentication Errors
If authentication fails, you'll receive a 401 Unauthorized response:
json
{ "message": "Invalid or missing API key", "code": "UNAUTHORIZED"}Common causes
- • Missing Authorization header
- • Invalid API key format
- • Revoked or expired API key
- • Using a test key in production (or vice versa)