SuprSend provides 2 methods for authentication:

1. Workspace Key & Secret

This authentication method is available when you are using one of our SDKs to send requests. Unlike API keys, Workspace Secret is not exposed on network, and is relatively more safer option.

Using Workspace Key & Secret

The Workspace Key and Secret are pre-generated for every environment. You can access your workspace key & secret by following steps below:

  1. Go to a workspace > Settings (left panel) > API Keys

  2. On API Keys page, you will findWorkspace KeyandWorkspace Secret. Click on them to copy.

If you wish to rotate the Workspace Key & Secret, please contact us on support@suprsend.com

🚧 Never share workspace secret with anyone including our support team

2. API Keys

When making requests over HTTPS, you can generate your private API key for a workspace directly through the SuprSend dashboard.

Generate API Keys

Use these steps to create an API key for your SuprSend account:

  1. Go to a workspace > Settings (left panel) > API Keys

  2. On API Keys page, click onGenerate Key

  3. Enter a Name for the API key

  1. SelectCreate and Viewand copy the token

🚧 The token is only displayed once. Store the token somewhere secure that you can access when you make API requests.

Your API keys carry many privileges. Don’t store them in publicly-accessible areas.

After rotating tokens make sure you always use the new token.

Rotate API Keys

As a security best practice, rotate tokens periodically.

  • To rotate an existing API key, selectDisableto disable the existing key and generate a new API key.

Best Practices for Enhanced Security

  1. Never commit your key to your repository

  2. Use Environment Variables in place of your API key

  3. Use a Key Management Service

  4. Monitor your account usage and rotate your keys when needed

Rotation Strategy

1. Scheduled Rotation: Implement a scheduled rotation of API keys (e.g., every 6 months) to reduce the risk of long-term exposure.

2. Ad-Hoc Rotation: Rotate keys immediately if you suspect that a key has been compromised or if it has been inadvertently exposed.


Was this page helpful?