Authentication

The Textingline API authenticates requests using HTTP Basic Auth. Use your API Key ID as the username and API Key Secret as the password.

Obtaining API keys

Log in to your Textingline dashboard and navigate to Settings > API Keys. From there you can create, view, and revoke keys.

Each key pair consists of:

🔒

Your Key Secret is displayed only once when created. Copy it immediately and store it in a secure location such as a secrets manager or environment variable.

Making authenticated requests

Include the credentials in the Authorization header using the standard Basic Auth scheme:

curl -X POST https://platform.textingline.com/api/v1/messaging/message \
  -u "your_key_id:your_key_secret" \
  -H "Content-Type: application/json" \
  -d '{"to": "+18005551234", "from": "+18005559876", "body": "Hello!"}'

Most HTTP clients and libraries handle Basic Auth natively — just supply the Key ID and Secret as username and password.

Security best practices

• Use HTTPS only. All requests must be made over HTTPS. Plain HTTP connections are refused.
• Never expose keys in client-side code. API calls should always originate from your backend server, never from a browser or mobile app.
• Don't commit keys to version control. Use environment variables or a secrets manager instead.
• Rotate keys periodically. If you suspect a key has been compromised, revoke it immediately and generate a new one from the dashboard.
• Use separate keys per environment. Create distinct keys for development, staging, and production so you can revoke one without affecting others.

Authentication errors

Requests with missing or invalid credentials receive a 401 Unauthorized response:

{
  "code": 33001,
  "message": "Authentication failed",
  "status": 401,
  "moreInfo": "https://docs.smsfactory.com/page/errors"
}

See Error Codes for the full reference.