API Authentication

Authenticate API requests using API keys. Each key is scoped to a single newsletter.

Getting an API Key

  1. Go to your newsletter settings
  2. Click API Keys in the sidebar
  3. Click "Create API Key"
  4. Give it a descriptive name
  5. Copy the key (shown only once!)

Security Warning: Your API key is shown only once when created. Store it securely. If lost, you'll need to create a new key.

Using Your API Key

Include the API key in the X-API-Key header:

curl -X GET https://dailydraft.ai/api/v1/newsletter \
  -H "X-API-Key: dk_live_abc123..."

Key Format

API keys follow this format:

dk_live_[32 character random string]

  • dk = DailyDraft key
  • live = Production key (future: test for sandbox)

Key Scoping

Each API key is scoped to a single newsletter:

  • Requests only affect that newsletter's data
  • You can't access other newsletters with the same key
  • Create separate keys for each newsletter

Managing Keys

View Keys

See all active keys in Newsletter Settings → API Keys. You'll see:

  • Key name
  • Last 4 characters of the key
  • Created date
  • Last used date

Regenerate Key

If a key is compromised:

  1. Go to API Keys
  2. Click "Regenerate" on the key
  3. The old key is immediately invalidated
  4. Copy the new key

Delete Key

Remove keys you no longer need:

  1. Go to API Keys
  2. Click "Delete"
  3. Confirm deletion

Authentication Errors

Missing Key

HTTP/1.1 401 Unauthorized

{
  "error": {
    "code": "unauthorized",
    "message": "API key is required"
  }
}

Invalid Key

HTTP/1.1 401 Unauthorized

{
  "error": {
    "code": "unauthorized",
    "message": "Invalid API key"
  }
}

Expired/Deleted Key

HTTP/1.1 401 Unauthorized

{
  "error": {
    "code": "unauthorized",
    "message": "API key has been revoked"
  }
}

Best Practices

  • Don't commit keys: Never put API keys in source code
  • Use environment variables: Store keys in environment variables
  • Rotate regularly: Regenerate keys periodically
  • Use descriptive names: Name keys by their use (e.g., "Zapier Integration")
  • Monitor usage: Check "last used" to detect unauthorized access
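
A pre-commit style check for the "Don't commit keys" practice, built on the key format documented above. This is an added example, not DailyDraft code; it assumes the 32-character random part is alphanumeric (the page does not state the character set), and the sample key is constructed.

```python
import re
import sys

# Assumption: the random part is 32 alphanumeric characters; the page only
# documents the "dk_live_" prefix and the length. "dk_test_" is included
# because the page mentions a future sandbox prefix.
KEY_RE = re.compile(r"(?<![A-Za-z0-9_])dk_(live|test)_[A-Za-z0-9]{32}(?![A-Za-z0-9])")

# Constructed sample input: the key below is made up for this example.
CONSTRUCTED_KEY = "dk_live_" + "0123456789abcdef" * 2
SAMPLE = "\n".join([
    'API_KEY = os.environ["DAILYDRAFT_API_KEY"]  # fine: no literal key',
    f'headers = {{"X-API-Key": "{CONSTRUCTED_KEY}"}}  # hardcoded key',
    '-H "X-API-Key: dk_live_abc123..."  # doc placeholder, too short to match',
])

def redact(key):
    """Keep the prefix and last 4 characters, like the API Keys list does."""
    prefix = key[: key.index("_", 3) + 1]
    return f"{prefix}{'*' * 28}{key[-4:]}"

def scan_text(text, source="<input>"):
    """Return one finding per key-shaped string, never echoing the full key."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in KEY_RE.finditer(line):
            findings.append({
                "source": source,
                "line": lineno,
                "env": match.group(1),
                "redacted": redact(match.group(0)),
            })
    return findings

if __name__ == "__main__":
    # Scan the files named on the command line (e.g. staged files in a
    # pre-commit hook); with no arguments, scan the constructed sample.
    paths = sys.argv[1:]
    hits = []
    for path in paths:
        with open(path, encoding="utf-8", errors="replace") as fh:
            hits += scan_text(fh.read(), source=path)
    if not paths:
        hits = scan_text(SAMPLE, source="constructed sample")
    for h in hits:
        print(f"{h['source']}:{h['line']}: {h['env']} key {h['redacted']}")
    sys.exit(1 if hits and paths else 0)
```

A non-zero exit blocks the commit when a key-shaped string is found; any key that reached a commit should still be regenerated as described under Regenerate Key.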

OAuth (For Integrations)

Building a third-party integration? We also support OAuth 2.0:

  • Used for Zapier and other integrations
  • Authorization Code flow
  • Contact us for OAuth app setup

Example: Node.js

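const axios = require('axios');

// Read the key from the environment; never hardcode it
const client = axios.create({
  baseURL: 'https://dailydraft.ai/api/v1',
  headers: {
    'X-API-Key': process.env.DAILYDRAFT_API_KEY,
    'Content-Type': 'application/json'
  }
});

// Get subscribers. CommonJS has no top-level await, so wrap the call.
async function main() {
  const response = await client.get('/subscriptions');
  console.log(response.data);
}

main().catch((err) => {
  // A 401 response carries the error body shown under Authentication Errors
  console.error(err.response ? err.response.data : err.message);
  process.exit(1);
});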

Example: Python

import requests
import os

API_KEY = os.environ['DAILYDRAFT_API_KEY']
BASE_URL = 'https://dailydraft.ai/api/v1'

headers = {
    'X-API-Key': API_KEY,
    'Content-Type': 'application/json'
}

# Get subscribers
response = requests.get(f'{BASE_URL}/subscriptions', headers=headers)
print(response.json())

Example: Ruby

require 'httparty'

API_KEY = ENV['DAILYDRAFT_API_KEY']
BASE_URL = 'https://dailydraft.ai/api/v1'

response = HTTParty.get(
  "#{BASE_URL}/subscriptions",
  headers: {
    'X-API-Key' => API_KEY,
    'Content-Type' => 'application/json'
  }
)

puts response.parsed_response
