> ## Documentation Index
> Fetch the complete documentation index at: https://docs.senderz.app/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Authenticate every public API request with your workspace ID and API key.

The public API authenticates with two headers on every request: your workspace identifier and an API key. There's no OAuth dance and no bearer token — this is a server-to-server key pair.

## The headers

<ParamField header="X-Sender-Tenant" type="string" required>
  Your **Workspace ID** — the workspace slug (shown in Settings), or the
  workspace UUID. Both are accepted.
</ParamField>

<ParamField header="X-API-Key" type="string" required>
  Your workspace API key.
</ParamField>

## Getting an API key

An owner or admin mints a key:

<Steps>
  <Step title="From the dashboard">
    **Settings → Integrations** → create an API key.
  </Step>

  <Step title="From the API (event-ingest key)">
    `POST /integrations/event-ingest-key` (JWT-authed, owner/admin) issues a
    key for the public API.
  </Step>
</Steps>

<Warning>
  The key has **workspace-wide** access to the public API — profile
  management, transactional send and webhook management all use the same key.
  Store it securely, never ship it in client-side code, and rotate it if it
  leaks by deleting and re-issuing it.
</Warning>

## Example request

<CodeGroup>
  ```bash cURL theme={null}
  curl https://api.senderz.app/api/v1/public/me \
    -H "X-Sender-Tenant: your-workspace-slug" \
    -H "X-API-Key: your-api-key"
  ```

  ```javascript Node.js theme={null}
  const res = await fetch("https://api.senderz.app/api/v1/public/me", {
    headers: {
      "X-Sender-Tenant": process.env.SENDERZ_WORKSPACE,
      "X-API-Key": process.env.SENDERZ_API_KEY,
    },
  });
  const { data } = await res.json();
  ```

  ```python Python theme={null}
  import requests

  res = requests.get(
      "https://api.senderz.app/api/v1/public/me",
      headers={
          "X-Sender-Tenant": WORKSPACE,
          "X-API-Key": API_KEY,
      },
  )
  data = res.json()["data"]
  ```
</CodeGroup>

## Validate a connection

Call [`GET /public/me`](/en/api-reference/me) to confirm your credentials — it returns your workspace name, plan and status. Make uses this same endpoint to render the connection chip.

## Errors

* Missing either header → `401 Missing tenant or API key`.
* Wrong key → `401 Invalid API key`.

See [Errors](/en/api-reference/errors) for the full error shape.
