notify logoNotify
Sign in

Authentication & API Keys

Authentication in Notify is handled through API keys. Each account automatically receives an API key upon creation.

Key Management

Retrieving Your API Key Using the Dashboard

You can view all of your API keys from the Credentials page.

Regenerating Your API Key Using the Dashboard

  1. Go to the API Keys Dashboard
  2. Click "Regenerate API Key"
  3. Update all your applications to use the new key

Retrieving Your API Key Using the API

You can also programmatically retrieve your API keys using our API:

curl -X GET https://notify.cx/api/public/v1/api_keys \
  -H "x-api-key: your_api_key"

Response

{
  "success": true,
  "data": [
    {
      "id": "123e4567-e89b-12d3-a456-426614174000",
      "name": "Production API Key",
      "createdAt": "2025-04-10T12:00:00Z",
      "updatedAt": "2025-04-11T09:30:00Z",
      "active": true,
      "prefix": "a1b2c3d4..."
    }
  ]
}

Notice that we don't return the full API key for these GET requests, but only the prefix. This is to prevent you from accidentally exposing your API key in client-side code.

This behavior, of course, does not apply to a regenerate request.

Regenerating Your API Key Using the API

You can also regenerate API keys programmatically:

Using fetch

fetch("https://notify.cx/api/public/v1/api_keys/regenerate", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    "x-api-key": process.env.NOTIFY_API_KEY
  },
  body: JSON.stringify({
    keyId: "123e4567-e89b-12d3-a456-426614174000"
  })
})
.then(response => response.json())
.then(data => {
  console.log("New API key:", data.data.api_key);
  // Store the new key securely and update your application
});

Using cURL

curl -X POST https://notify.cx/api/public/v1/api_keys/regenerate \
  -H "Content-Type: application/json" \
  -H "x-api-key: your_api_key" \
  -d '{
    "keyId": "123e4567-e89b-12d3-a456-426614174000"
  }'

Response

{
  "success": true,
  "message": "API key regenerated successfully. Make sure to update your x-api-key header.",
  "data": {
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "api_key": "new-api-key-value"
  }
}

Important: The old key will be invalidated immediately when you generate a new one. Make sure to update all your applications (and the x-api-key header) with the new key.

Using Your API Key

Your API key can be used in two ways:

1. With the SDK

import Notify from "notifycx";
const notify = new Notify(process.env.NOTIFY_API_KEY);

2. Direct API Calls

Example - Sending an Email

fetch("https://notify.cx/api/public/v1/send-email", {
  headers: {
    "Content-Type": "application/json",
    "x-api-key": process.env.NOTIFY_API_KEY,
  },
});

Security Best Practices

  • Store API keys in environment variables to keep them secure:

    NOTIFY_API_KEY=your_api_key_here

  • Never expose API keys in client-side code (e.g., JavaScript in browsers).

  • Use different keys for development and production environments (You need to upgrade to Pro to use multiple keys)

  • Regenerate compromised keys immediately from the dashboard.

Development vs Production Keys

We recommend using separate API keys for different environments:

  • Development key for testing and staging.
  • Production key for live applications.
  • Separate keys for different services or applications.

Please note that you need to upgrade to Pro to own multiple keys.

Key Rotation Best Practices

  • Rotate keys regularly for security.
  • Keep track of where API keys are used.
  • Update keys during low-traffic periods to minimize disruption.
  • Test applications after key updates to ensure continued functionality.

Next Steps