How API keys work
API keys are team-bound tokens used to authenticate API, SDK, MCP, and SMTP requests. Project API keys are permanently limited to their owning project. Team API keys can authorize selected projects or every current and future project in their team. Every key can also be limited to sending, read-only, or custom permissions. Treat every key as a secret.Create a team API key
Use a team API key when an integration needs access to every current and future project in one team:- Navigate to Settings → Team API Keys.
- Click Create Team API Key.
- Give your API key a name.
- Choose the default project used when an integration does not select one explicitly.
- Choose Full access, Sending, Read-only, or Custom permissions.
Create a project API key
Use a project API key when credentials should be permanently limited to one project:- Select the project in the dashboard.
- Navigate to Project API Keys.
- Click Create Project API Key.
- Choose Full access, Sending, Read-only, or Custom permissions.
| Permission | Access |
|---|---|
email.send | REST and SMTP email sending |
push.send | Push notifications, tests, and Live Activities |
events.ingest | Production event ingestion |
resources.read | Read project resources |
resources.write | Create, update, and delete project resources |
* | Full access |
Select a project
REST requests and the JavaScript SDK use the key’s default project unlessX-Sendrealm-Project-Id is supplied. The selected project must belong to the key’s team and be authorized for that key.