Skip to main content
API keys allow programmatic access to the Trackly SMS API. Create, manage, and revoke keys from the dashboard.

Who Can Manage Keys

Only Owners can create, view, and delete API keys. Members and Viewers cannot access API key management.

Creating an API Key

  1. Go to Settings > API Keys
  2. Click Create API Key
  3. Enter a name (e.g., “Production API”, “Development”)
  4. Click Create
  5. Copy the key immediately — it won’t be shown again
API keys are shown only once at creation. Store them securely. If lost, create a new key.

Key Properties

PropertyDescription
NameDescriptive label for your reference
KeyThe secret value (shown once)
CreatedWhen the key was created
Last UsedWhen the key was last used for an API call
StatusActive or revoked

Using API Keys

Include the key in the X-Api-Key header: 
curl -X POST https://app.tracklysms.com/api/v1/messages \
  -H "X-Api-Key: your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{"to": "+1...", "body": "Hello", "from_phone_number_id": "pn_..."}'
See API Authentication for details.

Revoking Keys

To revoke (delete) a key:
  1. Go to Settings > API Keys
  2. Find the key
  3. Click Delete
  4. Confirm deletion
Revocation is immediate. Any systems using this key will immediately fail with 401 errors.

Key Rotation

Best practice: Rotate keys periodically.
  1. Create a new key
  2. Update your systems to use the new key
  3. Verify the new key works
  4. Delete the old key

Multiple Keys

You can have multiple active keys:
KeyUse Case
Production APILive application
DevelopmentTesting and development
Partner IntegrationThird-party access
This allows:
  • Rotating one without affecting others
  • Different access for different systems
  • Easier tracking of which system uses which key

Discord Linking

API keys are also used to link Discord accounts: 
/sms link YOUR_API_KEY
The key verifies your identity and links Discord to your account.

Security Best Practices

Use environment variables or secret managers. Add keys to .gitignore.
Different keys for dev, staging, production. Easier to rotate and track.
Check the “Last Used” column. If a key hasn’t been used in months, consider revoking.
When team members with key access leave, rotate keys as a precaution.

Troubleshooting

  • Check the key is correct (no extra spaces)
  • Verify the key hasn’t been revoked
  • Ensure you’re using X-Api-Key header
Keys can’t be recovered. Create a new one and update your systems.
Only Owners can manage API keys. Ask an Owner for a key or to upgrade your role.

Next Steps

API Reference

Start making API calls

Billing

View usage and costs