Getting Started

Authentication

Authenticate every API request with a Bearer API key.

The MailBlastr API authenticates with an API key sent as a Bearer token. Keys are created in the dashboard under API Keys (or via the API); the full key is shown once at creation and stored only as a hash afterward.

Base URL

The API is built on REST principles and is served over HTTPS only — plain HTTP is not supported. Every request goes to the same base URL:

https://api.mailblastr.com

Authorization header

Add an Authorization header whose value is Bearer followed by your API key:

Authorization: Bearer mb_xxxxxxxxx
Treat API keys like passwords. Never commit them or expose them in client-side code — call the API from your server.

User-Agent header

Every API request must also include a User-Agent header. Requests without one are rejected with a 403, even when the API key is valid. Most HTTP clients set this automatically, but if you build requests by hand, set it explicitly:

User-Agent: my-app/1.0
If you get a 403 despite a valid API key, a missing User-Agent header is the most likely cause.

Permissions

Each key has a permission level:

PermissionCan do
full_accessSend email and manage resources (domains, audiences, contacts, campaigns, API keys).
sending_accessSend email only. Cannot create or delete domains, audiences, or other keys.

A sending_access key is the safest choice for a server that only needs to send transactional email. See Create API key.

Rate limit

The default rate limit is 5 requests per second per team, applied across all API keys on the team. Exceeding it returns a 429. Trusted senders can request an increase.

Errors

A missing key returns 401 missing_api_key; an invalid or revoked key returns 403 invalid_api_key; a key without the required permission returns 422 invalid_access; a missing User-Agent returns 403. See Errors.