Authentication
Authenticate every API request with a Bearer API key.
The MailBlastr API authenticates with an API key sent as a Bearer token. Keys are created in the dashboard under API Keys (or via the API); the full key is shown once at creation and stored only as a hash afterward.
Base URL
The API is built on REST principles and is served over HTTPS only — plain HTTP is not supported. Every request goes to the same base URL:
https://api.mailblastr.comAuthorization header
Add an Authorization header whose value is Bearer followed by your API key:
Authorization: Bearer mb_xxxxxxxxxUser-Agent header
Every API request must also include a User-Agent header. Requests without one are rejected with a 403, even when the API key is valid. Most HTTP clients set this automatically, but if you build requests by hand, set it explicitly:
User-Agent: my-app/1.0403 despite a valid API key, a missing User-Agent header is the most likely cause.Permissions
Each key has a permission level:
| Permission | Can do |
|---|---|
| full_access | Send email and manage resources (domains, audiences, contacts, campaigns, API keys). |
| sending_access | Send email only. Cannot create or delete domains, audiences, or other keys. |
A sending_access key is the safest choice for a server that only needs to send transactional email. See Create API key.
Rate limit
The default rate limit is 5 requests per second per team, applied across all API keys on the team. Exceeding it returns a 429. Trusted senders can request an increase.
Errors
A missing key returns 401 missing_api_key; an invalid or revoked key returns 403 invalid_api_key; a key without the required permission returns 422 invalid_access; a missing User-Agent returns 403. See Errors.