API Keys
Transmit uses API keys to authenticate requests. You can create and manage your API keys in the Dashboard.Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so on.
Authentication Methods
Bearer Token (Recommended)
Pass your API key in theAuthorization header with the Bearer scheme:
Using SDKs
Our SDKs automatically handle authentication. Just provide your API key when initializing the client:API Key Types
Transmit supports different types of API keys:Live Keys
Live Keys
Use live keys in production. They start with
tx_live_.- Can send real emails
- Charges your account
- Full access to production data
Test Keys
Test Keys
Use test keys in development. They start with
tx_test_.- Simulates sending without actual delivery
- No charges
- Separate test data environment
Best Practices
Use Environment Variables
Store API keys in environment variables, never in your code
Rotate Keys Regularly
Generate new keys periodically and revoke old ones
Use Different Keys per Environment
Separate keys for development, staging, and production
Monitor API Key Usage
Check the dashboard for unusual activity on your keys
Testing Authentication
Test that your API key is working correctly:If authentication succeeds, you’ll receive a
200 OK response with the email ID.Error Responses
| Status Code | Error | Description |
|---|---|---|
| 401 | unauthorized | Missing or invalid API key |
| 403 | forbidden | API key doesn’t have required permissions |
| 429 | rate_limit_exceeded | Too many requests |
Rate Limits
API rate limits vary by plan:- Free: 100 requests/hour
- Starter: 1,000 requests/hour
- Pro: 10,000 requests/hour
- Enterprise: Custom limits
Rate limits are per API key. Contact support if you need higher limits.