Send API
API Key Safety

API Key Safety

API keys authorize email sends. Treat them like production credentials.

Rules

  • Store keys in environment variables or a secret manager.
  • Never commit keys.
  • Never paste keys into screenshots or tickets.
  • Use IP allowlists when possible.
  • Rotate keys when a service owner changes.
  • Disable unused API templates.

Example environment use

export PING8_API_KEY="replace-with-your-key"

Rotation process

  1. Create a new API template or key.
  2. Deploy the new key to your application.
  3. Send one test email.
  4. Confirm delivery telemetry.
  5. Disable the old key.
  6. Delete the old key after a safe waiting period.
Tracking and WebhooksMailboxes and SMTP