do.dev

Authentication

Authenticate with the do.dev API using API keys

All API requests to do.dev require authentication via an API key.

API Keys

Generate API keys from the do.dev dashboard. Each key is scoped to specific services and permissions.

Sending Your API Key

Include your API key in requests using either method:

Authorization header (recommended):

Authorization: Bearer sk_live_your_api_key_here

X-API-Key header:

X-API-Key: sk_live_your_api_key_here

Scopes

API keys are scoped to control access. Common scopes include:

ScopeDescription
telco:readRead access to Telco API (lookup, search, carriers)
send:writeSend emails, manage templates and domains
send:readRead email status, list templates and domains
talk:writeGenerate speech audio
talk:readList voices and formats
platform:webhooks:readView webhook endpoints and events
platform:webhooks:manageCreate, update, and delete webhook endpoints
platform:events:readQuery the event log

Key Prefixes

PrefixEnvironment
sk_live_Production keys
sk_test_Test/sandbox keys

Security Best Practices

  • Never expose API keys in client-side code or public repositories
  • Use environment variables to store keys
  • Rotate keys regularly
  • Use the minimum required scopes for each key
  • Set IP allowlists when possible

Error Responses

If authentication fails, you'll receive a 401 Unauthorized response:

{
"error": "unauthorized",
"message": "Invalid or missing API key"
}

If your key lacks the required scope, you'll receive a 403 Forbidden response:

{
"error": "forbidden",
"message": "Insufficient scope. Required: telco:read"
}