Authentication
All MessageSmart API endpoints require authentication using an API key.
API Key Authentication
Include your API key in the X-API-Key header with every request:
X-API-Key: ms_live_1a2b3c4d5e6f7g8h9i0jComplete request example
curl -X POST "https://api.messagesmart.nl/api/v1/whatsapp/messages/text" \
-H "X-API-Key: ms_live_1a2b3c4d5e6f7g8h9i0j" \
-H "Content-Type: application/json" \
-d '{
"whatsAppBusinessId": "123456789012345",
"whatsAppBusinessPhoneNumberId": "106540352242922",
"to": "+31612345678",
"body": "Hello 👋"
}'API Key Properties
Each API key has the following attributes:
| Property | Description |
|---|---|
| Expiration | Keys expire after a configured lifetime (default: 365 days) |
| Quota limit | Maximum number of requests allowed per period (Daily or Monthly) |
| Quota usage | Current usage count, resets based on quota period |
| Rate limit | Request throttling to prevent abuse (default: 60 requests per minute) |
| Plan | Optional tier or plan label for grouping keys |
| Revocation | Keys can be revoked manually or automatically by policy |
Authentication Errors
If authentication fails, you’ll receive one of the following error responses:
Missing API Key (401)
{
"success": false,
"error": {
"code": "api_key_missing",
"message": "API key is missing.",
"httpStatus": 401
}
}Solution: Include the X-API-Key header in your request.
Invalid API Key (401)
{
"success": false,
"error": {
"code": "api_key_invalid",
"message": "API key is invalid.",
"httpStatus": 401
}
}Solution: Verify your API key is correct. Contact support if you need a new key.
Expired API Key (401)
{
"success": false,
"error": {
"code": "api_key_expired",
"message": "API key has expired.",
"httpStatus": 401
}
}Solution: Your API key has passed its expiration date. Contact support to obtain a new key.
Revoked API Key (401)
{
"success": false,
"error": {
"code": "api_key_revoked",
"message": "API key has been revoked.",
"httpStatus": 401
}
}Solution: This API key has been revoked and cannot be used. Contact support to obtain a new key.
Quota Exceeded (429)
{
"success": false,
"error": {
"code": "api_key_quota_exceeded",
"message": "API key quota has been exceeded.",
"httpStatus": 429
}
}Solution: You’ve reached your quota limit for the current period. Wait for the quota to reset or contact support to upgrade your plan.
Rate Limit Exceeded (429)
{
"success": false,
"error": {
"code": "rate_limit_exceeded",
"message": "Too many requests. Please try again later.",
"httpStatus": 429
}
}Solution: You’re sending requests too quickly. Slow down your request rate and retry. The response may include a Retry-After header indicating when to retry.
Security Best Practices
- Never commit API keys to version control
- Use environment variables to store keys
- Rotate keys periodically
- Use different keys for development and production
- Monitor your API usage for unexpected activity
Need an API Key?
Contact MessageSmart support to obtain your API key and configure your quota and rate limits.