Skip to main content

API Keys

API keys authenticate your requests to the Lettr API.

Creating API Keys

Create keys in the dashboard or via API: 
const apiKey = await lettr.apiKeys.create({
  name: 'Production Server',
  permissions: ['emails:send', 'emails:read']
});

console.log(apiKey.key); // le_xxxxxxxxxxxx
// Store this key securely - it won't be shown again!

Key Format

Lettr API keys follow this format: 
le_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  • le_ prefix identifies it as a Lettr key
  • 36 character random string

Using API Keys

curl https://api.lettr.dev/v1/emails \
  -H "Authorization: Bearer le_xxxxxxxxxxxx" \
  -H "Content-Type: application/json"

In SDKs

import { Lettr } from 'lettr';

const lettr = new Lettr('le_xxxxxxxxxxxx');
// or
const lettr = new Lettr(process.env.LETTR_API_KEY);

Key Types

TypeUse CaseDashboard
Full AccessServer-side applications
RestrictedLimited permissions
TestDevelopment/testing

Test vs Production Keys

FeatureTest KeyProduction Key
Prefixle_test_le_
Sends real emails
Rate limitsLowerStandard
AnalyticsLimitedFull

Best Practices

API keys should only be used server-side. Never include them in frontend JavaScript.
Store keys in environment variables, not in code.
Create new keys and retire old ones periodically.
Only grant the permissions each key needs.

List Your Keys

const keys = await lettr.apiKeys.list();

keys.forEach(key => {
  console.log({
    id: key.id,
    name: key.name,
    lastUsed: key.lastUsedAt,
    permissions: key.permissions
  });
});

Revoke a Key

await lettr.apiKeys.delete('key_123');
Revoking a key is immediate and permanent. Any applications using the key will stop working.