Authentication

To authenticate to our API, you need an API key. You can create and view this in your login in the Developer area. You can find out more about this in our Help article.

Create API key now

HTTP Basic Auth

Use HTTP Basic Auth with your API key. The API key is sent directly as a header, further encoding via Base64 is not required.

Example request with HTTP Basic Auth

curl https://gateway.seven.io/api/sms \
  -H 'Authorization: basic YOUR_API_KEY'

OAuth2 with Bearer Token

The prerequisite for authentication is that an app is registered with us and the customer has authorized it to use the API.

Learn more about OAuth2.0 →

Example request with Bearer Auth

curl https://gateway.seven.io/api/sms \
  -H 'Authorization: Bearer ACCESS_TOKEN'

Authentication via HTTP header

Send your API request with your API key in the X-Api-Key header

Example request with x-api-key header

curl https://gateway.seven.io/api/sms \
  -H 'X-Api key: YOUR_API_KEY'

Subaccount access

If you manage multiple subaccounts under a main account, you can use a single API key to act on behalf of any of your subaccounts. This avoids having to create a separate API key per subaccount for provisioning automation.

Prerequisites

  1. Logged in as the main account (not from within a subaccount).
  2. When creating or editing the API key in the Developer area, enable the "Subaccount access" option.

Usage

Send the X-Account-Id header containing the target subaccount's ID alongside X-Api-Key:

Send SMS on behalf of a subaccount

curl -G https://gateway.seven.io/api/sms \
  --data-urlencode "to=4917612345678" \
  --data-urlencode "text=hello" \
  -H 'X-Api-Key: YOUR_MAIN_API_KEY' \
  -H 'X-Account-Id: SUBACCOUNT_ID'

The request is processed as if it came from the subaccount: balance, sender IDs, settings, and debugger entries belong to the subaccount and are billed to it. The main key's scopes still gate which endpoints can be called.

Notes

  • The main account's configuration (IP whitelist, signing requirement, scopes) continues to apply, since the key itself belongs to the main account.
  • Subaccount management endpoints (e.g. /subaccounts) are not reachable while X-Account-Id is set, because subaccounts cannot themselves own subaccounts.
  • The API debugger records both the key used (main account) and the X-Account-Id header (target subaccount).
Deprecated

Authentication via GET/POST parameter or user/password

As an alternative to the above methods, we continue to support authentication via API key as GET or POST parameter p.

Transmission via GET in particular is not considered secure and should therefore not be used. For compatibility reasons, the deprecated authentication by user/password is still possible. This is strongly discouraged.

Show details
  • Name
    u
    Type
    string
    Optional
    Optional
    Description

    Your login alias or your e-mail address. Must be entered if p contains the login password.

  • Name
    p
    Type
    string
    Description

    Your API key or your login password.

Examples

HTTP GET with user/password

curl "https://gateway.seven.io/api/endpoint?u=YOUR_LOGIN&p=YOUR_PASSWORD"

HTTP GET with API key

curl "https://gateway.seven.io/api/endpoint?p=YOUR_API_KEY"

HTTP POST with API key

curl -X POST "https://gateway.seven.io/api/endpoint" \
    -d "p=YOUR_API_KEY"
Last updated: 23 hours ago