Authentication
All API requests require authentication using Bearer tokens. Learn how to securely authenticate your API calls.
API Keys
ReachScore uses API keys to authenticate requests. You can create and manage API keys from your dashboard settings.
Key Prefixes
rk_live_Live mode keys
Use for production. Tests real email deliverability with actual inbox placement checks.
rk_test_Test mode keys
Use for development. Returns simulated results without sending real emails.
Making Authenticated Requests
Include your API key in the Authorization header using Bearer authentication:
curl https://api.reachscore.co/v1/tests \ -H "Authorization: Bearer rk_live_your_api_key_here" \ -H "Content-Type: application/json"
Mode Isolation
Test mode and live mode data are completely isolated. Resources created with a test key are only accessible with test keys, and vice versa.
Live Mode
- Real email deliverability tests
- Actual inbox placement checks
- Counts against your plan limits
- Production-ready results
Test Mode
- Simulated responses
- No real email processing
- Does not count against limits
- Perfect for development
API Key Scopes
API keys can be restricted to specific scopes for enhanced security:
| Scope | Description |
|---|---|
| tests:read | Read test results |
| tests:write | Create and manage tests |
| domains:read | Read domain information |
| domains:write | Create and verify domains |
| monitors:read | Read monitor configurations |
| monitors:write | Create and manage monitors |
| webhooks:manage | Manage webhook endpoints |
| billing:manage | Access billing and subscription |
Security Best Practices
- Never expose API keys in client-side code or public repositories
- Use environment variables to store keys securely
- Create separate keys for different environments (dev, staging, production)
- Use the minimum required scopes for each key
- Rotate keys periodically and revoke unused keys