API Keys
Create and manage API keys for the Smail API.
API keys authenticate requests to the Smail send endpoints. Keys are prefixed with sk_live_ and must be kept secret.
Creating an API key
import { SmailClient } from "@smail/smail-js";
// Use your JWT token for management operations
const smail = new SmailClient({ apiKey: process.env.SMAIL_JWT_TOKEN! });
const result = await smail.keys.create({
name: "Production",
scopes: ["send"],
});
// Store result.key immediately — it is shown only once
console.log("API key:", result.key);
console.log("Key ID:", result.api_key.id);result, err := client.Keys.Create(ctx, smail.CreateAPIKeyRequest{
Name: "Production",
Scopes: []string{"send"},
})
if err != nil {
log.Fatal(err)
}
// Store result.Key immediately — it is shown only once
fmt.Println("API key:", result.Key)
fmt.Println("Key ID:", result.APIKey.ID)The full API key is returned only once at creation time. Store it securely (e.g. in a secrets manager or environment variable). If you lose it, you must create a new key.
Listing API keys
Only the key prefix is returned when listing — the full value is never exposed after creation.
const { api_keys } = await smail.keys.list();
for (const key of api_keys) {
console.log(`${key.name} — ${key.key_prefix}... (created ${key.created_at})`);
}keys, err := client.Keys.List(ctx)
if err != nil {
log.Fatal(err)
}
for _, key := range keys {
fmt.Printf("%s — %s... (created %s)\n", key.Name, key.KeyPrefix, key.CreatedAt)
}Revoking an API key
Revocation is permanent. Revoked keys cannot be re-activated.
await smail.keys.revoke("key_abc123");err := client.Keys.Revoke(ctx, "key_abc123")
