API keys provide programmatic access to your ColdSend account. Each key has specific scopes that determine what operations it can perform.
Creating an API Key
Create API keys through the ColdSend dashboard:
- Navigate to Settings > API Keys
- Click Create API Key and enter a descriptive name
- Select the scopes your integration needs
- Copy the key — it is only shown once
- Store it in a secrets manager or environment variable
| Prefix | Type | Usage |
|---|
cs_live_ | Production | For live production environments |
cs_live_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0
Managing API Keys
The dashboard displays all API keys with:
- Key name and associated scopes
- Creation date and last used timestamp
- Status (active/revoked)
Available actions:
- View full key (only during creation)
- Revoke key immediately
- Delete and create new keys with different scopes
Revoked keys lose all access immediately and cannot be restored. Create a new key if needed.
Security Best Practices
Use Environment Variables
import os
api_key = os.environ.get("COLDSEND_API_KEY")
Separate Keys by Purpose
Create dedicated keys with minimal scopes:
| Use Case | Recommended Scopes |
|---|
| Campaign automation | campaigns:all, sender_accounts:read |
| Inbox provisioning | sender_accounts:create, sender_accounts:read |
| Analytics dashboard | campaigns:read, sender_accounts:read |
Key Storage
ColdSend stores only a hashed version of your API key (SHA-256 with a secret pepper). The original key is never stored, meaning lost keys must be regenerated. 
