Authentication

All API requests require a Bearer token in the Authorization header:

Authorization: Bearer om_live_your_api_key_here

API keys are prefixed with om_live_ for production.

Getting an API key

API keys are provisioned during onboarding. Contact support@openmail.sh to get started.

Keep your API key secret. Do not expose it in client-side code.
Each API key is scoped to a single account. Requests authenticate to the account that owns the key.
If you believe your key has been compromised, contact support immediately for rotation.

// 401 Unauthorized
{
  "error": "unauthorized",
  "message": "Missing or invalid Authorization header"
}

⌘I