Skip to main content

Authentication

The Sequenzy API uses API keys for authentication. Every request must include your API key in the Authorization header.

Getting Your API Key

  1. Log in to your Sequenzy dashboard
  2. Navigate to Settings → API Keys
  3. Click Create API Key
  4. Give your key a descriptive name (e.g., “Production Backend”, “Development”)
  5. Copy and securely store your key—it won’t be shown again
Keep your API key secret. Never expose it in client-side code, public repositories, or logs. Treat it like a password.

Using Your API Key

Include your API key in the Authorization header with every request: 
Authorization: Bearer YOUR_API_KEY

Example Request

curl "https://api.sequenzy.com/api/v1/subscribers" \
  -H "Authorization: Bearer sk_live_abc123..."

Example in Code

const response = await fetch("https://api.sequenzy.com/api/v1/subscribers", {
  headers: {
    Authorization: `Bearer ${process.env.SEQUENZY_API_KEY}`,
    "Content-Type": "application/json",
  },
});

API Key Best Practices

1. Use Environment Variables

Never hardcode API keys in your source code: 
// Good
const apiKey = process.env.SEQUENZY_API_KEY;

// Bad
const apiKey = "sk_live_abc123..."; // Don't do this!

2. Create Separate Keys for Each Environment

  • Production key: Used only on production servers
  • Development key: Used for local development and testing
  • CI/CD key: Used for automated testing (if needed)
This way, if a development key is compromised, your production data stays safe.

3. Rotate Keys Periodically

If you suspect a key has been compromised:
  1. Create a new API key
  2. Update your application to use the new key
  3. Delete the old key

4. Never Commit Keys to Git

Add your environment file to .gitignore: 
# .gitignore
.env
.env.local
.env.production

5. Use Secrets Management in Production

For production deployments, use your platform’s secrets management:
  • Vercel: Environment Variables in dashboard
  • AWS: AWS Secrets Manager or Parameter Store
  • Heroku: Config Vars
  • Docker: Docker Secrets or environment variables

Authentication Errors

401 Unauthorized

{
  "success": false,
  "error": "Unauthorized"
}
This error occurs when:
  • The API key is missing from the request
  • The API key is invalid or has been deleted
  • The API key format is incorrect
Solution: Check that you’re including the Authorization: Bearer YOUR_KEY header with a valid key.

Common Mistakes

MistakeCorrect Format
Missing “Bearer” prefixAuthorization: Bearer sk_live_...
Using X-API-Key headerUse Authorization header instead
Exposing key in URLPass key in header, not query params
Using test key in productionUse sk_live_ prefix for production

Managing API Keys

View Active Keys

In Settings → API Keys, you can see:
  • Key name
  • Created date
  • Last used timestamp

Delete a Key

To revoke access:
  1. Go to Settings → API Keys
  2. Find the key you want to delete
  3. Click Delete
  4. Confirm the deletion
Deleting a key immediately invalidates it. Any requests using that key will start failing.

Security Recommendations

Server-Side Only

Only use API keys in server-side code. Never expose them to browsers: 
// Server-side (Node.js, Next.js API route) - Safe
export async function POST(request) {
  const response = await fetch("https://api.sequenzy.com/api/v1/...", {
    headers: { Authorization: `Bearer ${process.env.SEQUENZY_API_KEY}` },
  });
}

// Client-side (React component) - NEVER do this
function Component() {
  // This exposes your key to anyone viewing the page source!
  fetch("https://api.sequenzy.com/api/v1/...", {
    headers: { Authorization: "Bearer sk_live_..." }, // DANGEROUS!
  });
}

Use HTTPS Only

Always use https:// when making API requests. The API does not accept unencrypted HTTP connections.

Monitor Usage

Regularly check the “Last used” timestamp for your API keys. If you see unexpected activity, rotate the key immediately.

Next Steps

API Reference

Explore all available endpoints

Quick Start

Send your first email in 5 minutes