API Keys

Create and manage your Postkit API keys

API keys authenticate your requests to the Postkit API. Each key is scoped to an organization and can be used for both the REST API and the SMTP relay.

Key types

| Prefix | Environment | Behavior |
|---|---|---|
| pk_live_ | Production | Sends real emails through the delivery pipeline |
| pk_test_ | Test/Sandbox | Simulates all operations without delivering emails |

Test keys are useful for development and CI pipelines. They return realistic responses but never contact mail servers.

Creating a key

Log in to the dashboard

Go to app.postkit.eu and sign in to your account.

Open Settings > API Keys from the sidebar.

Create the key

Click Create API Key and give it a descriptive name (for example, "Production Backend" or "CI Pipeline").

Copy the key

Copy the key immediately after creation.

Your API key is shown only once. Postkit stores a SHA-256 hash of the key — we cannot retrieve the plaintext later. If you lose it, create a new key and revoke the old one.

Using your key

Include the key in the Authorization header with the Bearer scheme:

curl -X GET https://api.postkit.eu/v1/emails \
  -H "Authorization: Bearer pk_live_abc123..."

Every API request must include this header. Requests without a valid key receive a 401 Unauthorized response.

Key rotation

Rotate your keys periodically to limit the impact of a compromised key. Follow these steps for zero-downtime rotation:

  1. Create a new key in the dashboard
  2. Update your application to use the new key
  3. Verify the new key works by sending a test request
  4. Revoke the old key once the new key is confirmed working

Both keys work simultaneously until you revoke the old one. This ensures zero downtime during rotation.

Security best practices

  • Never commit API keys to source control. Use environment variables (for example, POSTKIT_API_KEY).
  • Use pk_test_ keys in development and CI environments.
  • Rotate keys periodically, and immediately if a key is exposed.
  • Each key has a key_prefix visible in the dashboard (first 16 characters) for identification without exposing the full key.
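
The practices above can be enforced at application startup. The following is an added example, not Postkit's own code: it reads the key from POSTKIT_API_KEY, rejects a pk_live_ key when running in CI, and logs only the 16-character key_prefix. The function names, the KeyConfigError class, the CI=true convention and the sample key values are assumptions made for illustration.

```python
import os

LIVE_PREFIX = "pk_live_"
TEST_PREFIX = "pk_test_"
KEY_PREFIX_LEN = 16  # the dashboard shows the first 16 characters as key_prefix


class KeyConfigError(ValueError):
    """Hypothetical error type: key missing or wrong for this environment."""


def load_api_key(environ=os.environ, env_var="POSTKIT_API_KEY"):
    """Return the key from the environment, or raise before any request is made."""
    key = environ.get(env_var, "").strip()
    if not key:
        raise KeyConfigError(f"{env_var} is not set")
    if not key.startswith((LIVE_PREFIX, TEST_PREFIX)):
        raise KeyConfigError(f"{env_var} must start with pk_live_ or pk_test_")
    # Assumption: the CI system exports CI=true (or CI=1), as most runners do.
    in_ci = environ.get("CI", "").lower() in ("1", "true")
    if in_ci and key.startswith(LIVE_PREFIX):
        raise KeyConfigError("pk_live_ key found in CI; use a pk_test_ key")
    return key


def key_id(key):
    """Loggable identifier matching the dashboard's key_prefix, never the full key."""
    return key[:KEY_PREFIX_LEN]


def auth_headers(key):
    """Authorization header in the Bearer scheme the API expects."""
    return {"Authorization": f"Bearer {key}"}


if __name__ == "__main__":
    # Constructed sample environment; the key value is a placeholder, not a real key.
    sample_env = {"POSTKIT_API_KEY": "pk_test_EXAMPLEKEY0000000000", "CI": "true"}
    key = load_api_key(sample_env)
    print("using key", key_id(key))  # safe to log during rotation checks
```

During rotation, comparing the logged key_id with the key_prefix shown in the dashboard confirms which key a deployment is actually using before the old one is revoked.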