Every API request requires authentication via an API key in the Authorization header.
API Key Format
senderZ API keys have two prefixes:
tf_live_— Production keys. Messages are delivered to real phones.tf_test_— Test keys. Messages are validated but not sent.
Making Authenticated Requests
Include your API key as a Bearer token:
curl https://api.senderz.com/v1/messages \
-H "Authorization: Bearer tf_live_YOUR_KEY"Error Responses
| Status | Code | Meaning |
|---|---|---|
| 401 | INVALID_API_KEY | API key is missing, malformed, or revoked |
| 403 | KEY_INACTIVE | API key has been deactivated |
| 429 | RATE_LIMIT_EXCEEDED | Too many requests. Wait and retry. |
Rate Limits
Rate limits are per API key:
- Trial (14-day): 50,000 API calls/month (Starter-level)
- Starter: 50,000 API calls/month
- Growth: 200,000 API calls/month
- Scale: Unlimited
When you hit the limit, the API returns 429 with a Retry-After header.
Security Best Practices
- Use test keys (
tf_test_) during development - Each team member should have their own key
Key Management
Create, revoke, and manage API keys from the Developer Portal. You can have multiple active keys — useful for separating production and staging environments.