Getting an API key
API keys are created from your Messages.dev dashboard.
- Go to API Keys in the sidebar
- Click Create Key
- Give it a name and copy the key. It starts with
sk_live_ and is only shown once
Store your API key securely. It won’t be displayed again after creation.
If you lose it, revoke it and create a new one.
Authenticating requests
import { createClient } from "@messages-dev/sdk";
const client = createClient();
const client = createClient({ apiKey: "sk_live_..." });
Scopes
Each API key has scopes that control which endpoints it can access.
| Scope | Grants access to |
|---|
messages:read | GET /messages |
messages:write | POST /messages |
chats:read | GET /chats |
lines:read | GET /lines |
reactions:read | GET /reactions |
reactions:write | POST /reactions |
typing:read | GET /typing |
typing:write | POST /typing |
receipts:read | GET /receipts |
receipts:write | POST /receipts |
webhooks:read | GET /webhooks |
webhooks:write | POST, DELETE /webhooks |
outbox:read | GET /outbox |
Line restrictions
API keys can be restricted to specific lines. A line-restricted key can only
read and write data for its allowed lines. Requests to other lines return 403.
This is useful when you have multiple integrations or want to limit blast radius.
You can configure line restrictions when creating a key in the dashboard.
All API keys automatically have access to the sandbox line, regardless of line restrictions. Errors
| Scenario | Status | Code |
|---|
No Authorization header | 401 | missing_api_key |
| Invalid or revoked key | 401 | invalid_api_key |
| Key lacks required scope | 403 | insufficient_scope |
| Key can’t access this line | 403 | line_not_accessible |
