API Authentication
The Broadcast API uses token-based authentication. All API requests must include a valid API token.
Getting Your API Token
- Go to Settings > API Tokens in your dashboard
- Click Create Token
- Give your token a descriptive name
- Copy the token immediately - it won’t be shown again
Using Your Token
Include your API token in the Authorization header of every request:
curl -X GET "https://your-broadcast-instance.com/api/v1/subscribers" \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json"
Token Permissions
API tokens have full access to your Broadcast data, including:
- Reading and writing subscribers
- Sending broadcasts
- Managing sequences
- Accessing analytics
Security Best Practices
Keep Tokens Secret
- Never commit tokens to version control
- Use environment variables in your applications
- Rotate tokens periodically
Use HTTPS
Always make API requests over HTTPS. HTTP requests will be rejected.
Token Rotation
If you suspect a token has been compromised:
- Go to Settings > API Tokens
- Click Refresh on the compromised token
- Update your applications with the new token
Error Responses
401 Unauthorized
Your token is missing, invalid, or expired.
{
  "error": "Unauthorized",
  "message": "Invalid or missing API token"
}
403 Forbidden
Your token doesn’t have permission for this action.
{
  "error": "Forbidden",
  "message": "Insufficient permissions"
}
Rate Limiting
API requests are rate limited to prevent abuse:
- 100 requests per minute for most endpoints
- 10 requests per minute for sending operations
Rate limit headers are included in responses:
- X-RateLimit-Limit - Maximum requests per window
- X-RateLimit-Remaining - Requests remaining
- X-RateLimit-Reset - Unix timestamp when the limit resets
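The following is an added example, not code from the Broadcast documentation. It applies the advice under Security Best Practices and Rate Limiting in a client: the token is read from an environment variable, non-HTTPS base URLs are refused before the token is attached, and the rate limit headers decide how long to pause. The variable name BROADCAST_API_TOKEN and the function names are assumptions.

```python
import os
import time
import urllib.request
from urllib.parse import urlsplit

BASE_URL = "https://your-broadcast-instance.com/api/v1"  # placeholder host from the docs
TOKEN_ENV = "BROADCAST_API_TOKEN"  # assumed variable name, not defined by Broadcast


def build_request(path, base_url=BASE_URL, env=os.environ):
    """Build (but do not send) a GET request that carries the bearer token."""
    if urlsplit(base_url).scheme != "https":
        # The API rejects plain HTTP, and sending would expose the token in transit.
        raise ValueError("base URL must use https")
    token = env.get(TOKEN_ENV, "").strip()
    if not token:
        # Fail closed instead of sending an empty Authorization header.
        raise RuntimeError(f"{TOKEN_ENV} is not set")
    return urllib.request.Request(
        base_url.rstrip("/") + "/" + path.lstrip("/"),
        headers={
            "Authorization": f"Bearer {token}",
            "Content-Type": "application/json",
        },
        method="GET",
    )


def seconds_until_allowed(headers, now=None):
    """Return how long to pause before the next call, from X-RateLimit-* headers."""
    now = time.time() if now is None else now
    try:
        remaining = int(headers["X-RateLimit-Remaining"])
        reset_at = int(headers["X-RateLimit-Reset"])  # Unix timestamp
    except (KeyError, TypeError, ValueError):
        return 0.0  # headers absent or malformed: no basis for a delay
    if remaining > 0:
        return 0.0
    return max(0.0, float(reset_at - now))
```

Pass the response's headers to `seconds_until_allowed` after each call and sleep for the returned value before sending the next request.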
Base URL
All API endpoints use the following base URL:
https://your-broadcast-instance.com/api/v1
For the hosted SaaS version:
https://app.broadcast.email/api/v1