Skip to main content
The public API authenticates with two headers on every request: your workspace identifier and an API key. There’s no OAuth dance and no bearer token — this is a server-to-server key pair.

The headers

X-Sender-Tenant
string
required
Your Workspace ID — the workspace slug (shown in Settings), or the workspace UUID. Both are accepted.
X-API-Key
string
required
Your workspace API key.

Getting an API key

An owner or admin mints a key:
1

From the dashboard

Settings → Integrations → create an API key.
2

From the API (event-ingest key)

POST /integrations/event-ingest-key (JWT-authed, owner/admin) issues a key for the public API.
The key has workspace-wide access to the public API — profile management, transactional send and webhook management all use the same key. Store it securely, never ship it in client-side code, and rotate it if it leaks by deleting and re-issuing it.

Example request

Validate a connection

Call GET /public/me to confirm your credentials — it returns your workspace name, plan and status. Make uses this same endpoint to render the connection chip.

Errors

  • Missing either header → 401 Missing tenant or API key.
  • Wrong key → 401 Invalid API key.
See Errors for the full error shape.