Authentication
Learn how to securely authenticate with HeliosSend API using tokens.
Overview
API Key Authentication
HeliosSend uses API Key authentication via the Authorization header. Each request must include your API Key.
Your API Key is included in the Authorization header of each request. This provides secure authentication without exposing your credentials in the request body.
Getting Your API Key
API Key
Obtain your API Key from your HeliosSend dashboard.
- Log in to your HeliosSend account
- Navigate to Dashboard → API Keys section
- Copy your API Key (starts with
cs_)
Keep Your API Key Safe
Never share your API Key or expose it in client-side code, public repositories, or logs.
Using Your API Key
Authorization Header
Header Format
Include your API Key in the Authorization header:
Authorization: cs_YOUR_API_KEYExample Request
Here's how to include it in a request:
curl -X POST "https://client.heliossend.com/send" \
-H "Content-Type: application/json" \
-H "Authorization: cs_ig-DHv_6PltD7JnxQQEZ4DUzSpG5U87QJPiVIyDWw4DGkZUuSd0y3C4aI7BS06qO" \
-d '{
"from": "contact@helioseditor.com",
"to": ["recipient@example.com"],
"subject": "Test Email",
"html": "<p>This is a test email.</p>"
}'Using API Key in Requests
Authorization Header
Request Format
Include your API Key in the Authorization header. The request body does not include authentication:
{
"from": "sender@example.com",
"to": ["recipient@example.com"],
"subject": "Test Email",
"html": "<p>Hello!</p>"
}Complete Example
curl -X POST "https://client.heliossend.com/send" \
-H "Content-Type: application/json" \
-H "Authorization: cs_ig-DHv_6PltD7JnxQQEZ4DUzSpG5U87QJPiVIyDWw4DGkZUuSd0y3C4aI7BS06qO" \
-d '{
"from": "contact@helioseditor.com",
"to": ["recipient@example.com"],
"subject": "Test Email",
"html": "<p>This is a test email.</p>"
}'Security Best Practices
Token Security
- Store API Key in environment variables, not in code
- Never commit API Key to version control
- Rotate API Key regularly if compromised
- Use different API Keys for development and production
- Monitor API usage for suspicious activity
- Regenerate API Key if you suspect it's been exposed
Error Responses
Authentication Errors
Invalid API Key (401)
{
"detail": "Invalid user credentials"
}Account Not Active (403)
{
"detail": "Account not active"
}