Skip to main content

Supported auth modes

SendyKit supports three auth patterns:
ModeHeaderWhen to use
API keyX-API-KeyStandard integrations, operators, automation
JWTAuthorization: Bearer ...User/session-scoped browser or admin flows
Machine paymentX-Stripe-Machine-PaymentPremium actions for agent workflows

API key

This is the primary auth surface for integrations. 
curl -H "X-API-Key: sk_a1b2c3d4..." \
  https://your-server.com/sendykit/api/v2/brands

JWT

Use JWTs for session-style flows. 
curl -X POST https://your-server.com/sendykit/api/v2/auth/token \
  -d '{"username": "admin", "password": "..."}'
Then: 
curl -H "Authorization: Bearer eyJ..." \
  https://your-server.com/sendykit/api/v2/brands

Machine payments

For premium actions, SendyKit can require Stripe-native machine-payment proof. 
curl -H "X-API-Key: sk_a1b2c3d4..." \
  -H "X-Stripe-Machine-Payment: <payment-proof-or-intent-ref>" \
  https://your-server.com/sendykit/api/v2/ai/subject-lines
Current implementation target is Stripe-native machine payments. Raw/direct x402 should be treated as historical exploration, not the live customer path.
  • docs/AUTH-BILLING-MATRIX.md
  • docs/openapi/sendykit-v2.yaml
  • internal/http/middleware_billing.go