Access your API Key

An API Key is a secure, alphanumeric identifier that enables authentication and access to Messangi’s APIs. It works as an access token that validates the identity of the requester and authorizes specific actions based on that identity.

Only admin users can access their API Key. It is located in the Preferences section of the platform, under the API tab.

📘

NOTE

Each API Key is uniquely tied to a specific Space.

You must include the API Key in the headers of your HTTP requests to access the platform’s endpoints. It authorizes actions such as sending messages, retrieving reports, configuring campaigns, and more.

Therefore, the API Key is unique to your Space and must be included in your API requests to validate access.

This section will display the following API Key information:

• Current API Key: This field contains your active API Key, which is masked by default for security.

  Click the Show button on the lower right to reveal the key.

  Use the copy icon at the end of the field to quickly copy the key to your clipboard.

  🚧

  warning

  This API Key should be kept secure and never shared or exposed in public code.

• Creation Date: Displays the date and time when the current API Key was generated.

  This helps you track when the key was issued, which is useful for enforcing expiration policies or auditing access.

• Status: Displays the current state of the API Key. The possible statuses are:

  • Active: The key is valid and ready to use in API calls.
    
    
  • Expired: The key has reached its expiration date and can no longer be used.
    
    
  • Revoked: The key has been manually disabled and is no longer valid.

• Expiration Date: Indicates the date and time when the API Key will become invalid.

  This field is critical for planning key rotation. Once this date is reached, the key will automatically be marked as Expired.

• Action Buttons: At the bottom right of the panel, you’ll see two possible key actions:

  1. Revoke API Key: This button allows you to immediately disable the current API Key.

     Clicking this opens a confirmation dialog. Once confirmed, the key is revoked permanently and cannot be reactivated.

     
     

     Once the Confirm button is clicked, a notification email is sent to the admin confirming the revocation of the API Key.

     

     A new button labeled Generate API Key becomes available, and the API Key status will change to "Revoked".

     

     
     

  2. Generate API Key: This button allows you to create a new API Key after the previous one has been revoked or is no longer valid (expired).

     Clicking this opens a configuration dialog that lets the admin define when the new API Key will expire.

     
     

     Options to generate a new API Key are the following:

     • Never: The key will remain valid indefinitely.
       
       
     • After: Expires automatically after a defined number of days, weeks, months, or years.
       
       
     • Custom: The admin selects a specific expiration date from a calendar picker.

     Once the Confirm button is clicked, a notification email is sent to the admin confirming that a new API Key has been generated and is now linked to the same Space.

     
     

🚧

Security Recommendations

• Keep your API Key confidential.
• Do not share it publicly or embed it in client-side code.
• If you suspect the key has been exposed, revoke the API Key immediately and contact our Support Team.