Authentication
How to authenticate with the senderZ API using API keys.
Every API request requires authentication via an API key in the Authorization header.
API Key Format
senderZ API keys have two prefixes:
tf_live_— Production keys. Messages are delivered to real phones.tf_test_— Test keys. Messages are validated but not sent.
Making Authenticated Requests
Include your API key as a Bearer token:
curl https://api.senderz.com/v1/messages \
-H "Authorization: Bearer tf_live_YOUR_KEY"Error Responses
| Status | Code | Meaning |
|---|---|---|
| 401 | INVALID_API_KEY | API key is missing, malformed, or revoked |
| 403 | KEY_INACTIVE | API key has been deactivated |
| 429 | RATE_LIMIT_EXCEEDED | Too many requests. Wait and retry. |
Rate Limits
Rate limits are per API key:
- Trial (14-day): 50,000 API calls/month (Starter-level)
- Starter: 50,000 API calls/month
- Growth: 200,000 API calls/month
- Scale: Unlimited
When you hit the limit, the API returns 429 with a Retry-After header.
Security Best Practices
- Never commit API keys to version control
- Use environment variables to store keys
- Rotate keys regularly from your dashboard
- Use test keys (
tf_test_) during development - Each team member should have their own key
Key Management
Create, revoke, and manage API keys from the Developer Portal. You can have multiple active keys — useful for separating production and staging environments.