User GuideAPI Keys

API Keys

API Keys are used to authenticate programmatic access to the FormaMail API. Manage your keys, set permissions, and monitor usage from this page.

Overview

API keys allow your applications to interact with FormaMail without requiring user login. Each key can have specific permissions and usage limits.

Creating an API Key

  1. Click Create New API Key button
  2. Enter a descriptive name (e.g., “Production Server”, “Testing App”)
  3. Select permissions:
    • âś… Send Emails
    • âś… Manage Templates
    • âś… View Analytics
    • âś… Manage Team
  4. Optionally set expiration date
  5. Click Create Key

⚠️ Important: Copy your API key immediately! You won’t be able to see it again for security reasons.

API Key Format

fm_sk_abc123xyz456...

All API keys use the fm_sk_ prefix followed by a secure random string.

Permissions

Send Emails

  • Send emails via API
  • Required for email sending operations

Manage Templates

  • Create, update, delete templates
  • Publish/unpublish templates

View Analytics

  • Access email metrics
  • Generate reports

Manage Team

  • Invite team members
  • Update roles and permissions

Best Practices

  • Use descriptive names: Identify keys by purpose or application
  • Rotate regularly: Change keys every 90 days
  • Limit permissions: Grant only necessary permissions
  • Separate keys per environment: Use different keys for dev, staging, production
  • Monitor usage: Check API activity regularly
  • Revoke unused keys: Delete keys no longer in use

Security

  • Never commit keys to Git: Use environment variables
  • Store securely: Use secret management tools
  • Monitor unauthorized use: Check activity logs
  • Revoke compromised keys: Immediately delete if exposed

Using API Keys

In Code (Node.js)

const response = await fetch('https://api.formamail.com/api/emails/send', {
  headers: {
    'Authorization': 'Bearer fm_sk_abc123...',
    'Content-Type': 'application/json'
  }
});

In Environment Variables

# .env
FORMAMAIL_API_KEY=fm_sk_abc123xyz456...

Monitoring Usage

Each API key displays:

  • Total requests: Number of API calls made
  • Last used: Timestamp of last usage
  • Status: Active or Revoked

Revoking Keys

To revoke an API key:

  1. Find the key in the list
  2. Click Revoke button
  3. Confirm revocation
  4. Key becomes invalid immediately

Note: Applications using revoked keys will receive 401 Unauthorized errors.

Rate Limiting

API keys are subject to rate limits based on your plan:

PlanRequests/minute
Free60
Starter300
Pro1,000
EnterpriseCustom

Need help? Contact support@formamail.com or check our API Reference

API PlaygroundTeam Management