Authentication
API keys, scopes, rotation, and how requests to the Msgera API are authorized.
Every request to the Msgera developer API must include an API key. Keys are scoped to your account and inherit your account's permissions and plan limits.
API key header
Send your key in the X-API-Key header on every request:
curl https://api.msgera.com/v1/developer/devices \
-H "X-API-Key: $MSGERA_KEY"Key format
Keys are issued from your dashboard under Settings → API keys and always start with the wak_ prefix, followed by 32 hexadecimal characters:
wak_4f8c2a1e9b6d3f5a7c8e0d2b4a6f8c1eTreat keys as secrets
Never commit a key to source control or expose it to the browser. Use environment variables or your hosting provider's secrets manager. You can list, rotate, and revoke keys at any time from the dashboard.
Rotating keys
Generate a new key in the dashboard, deploy it, then revoke the old one. Both keys are valid simultaneously until you revoke the previous one, so you can swap keys with zero downtime.
Authentication errors
| Field | Type | Description |
|---|---|---|
401 | Unauthorized | Missing or invalid X-API-Key header. |
429 | Rate limited | Too many requests for this account in the current window. |