Skip to main content

Overview

Kurrier exposes a simple, unified authentication model for its HTTP API. All API endpoints are authenticated using API keys and are available under the Kurrier namespace: 
https://www.kurrier.io/api/kurrier

API Keys

API keys are managed from the Kurrier dashboard.

Creating an API key

  1. Go to API Keys in the dashboard
  2. Click Add API Key
  3. Give it a name (for example: prod-app, newsletter, staging)
  4. Save the key securely — it is shown only once
API keys are account-wide. Fine‑grained scopes will be added later; for now, keys have full access.

HTTP API Authentication

All HTTP requests must include your API key using a Bearer token.

Header format

Authorization: Bearer YOUR_API_KEY

Example request

curl https://www.kurrier.io/api/kurrier/messages/<<message id>>   -H "Authorization: Bearer YOUR_API_KEY"
If the API key is missing, invalid, or revoked, the API will respond with: 
401 Unauthorized

Identity-aware Requests

Kurrier supports multiple sending identities (email addresses). When sending email or performing identity-specific actions, the request body or URL will reference an Identity ID. Authentication itself is always performed using the API key. This allows:
  • One API key to manage multiple identities
  • Clear audit trails
  • Provider‑agnostic delivery (SES, SendGrid, etc.)
Identity IDs can be found in the Identities section of the dashboard.

Security Best Practices

  • Treat API keys like passwords
  • Never commit them to source control
  • Use separate keys for staging and production
  • Rotate keys immediately if exposed

Summary

  • Kurrier uses API key–based authentication
  • All requests authenticate via the Authorization: Bearer header
  • API keys are managed in the dashboard
  • Identity context is handled at the request level
  • SMTP support will be added in a future release