🔑 API Keys
API keys give your application access to the Fire SMS API. Pass your key as api_key in the request body or query string with every request.
Passing Your API Key
In the request body (recommended):
{
"api_key": "YOUR_API_KEY",
"to": "27821234567",
"text": "Hello!"
}
As a query parameter:
https://firesms.vercel.app/api/v1/send?api_key=YOUR_API_KEY&to=27821234567&text=Hello
All Fire SMS API keys are prefixed with fsk_ so they’re easy to identify.
fsk_a3f9c2e1b4d87a6f...
Creating a Key
Open the dashboard
Log in at firesms.vercel.app and navigate to API Keys.
Create a new key
Click New Key, give it a descriptive name (e.g. production, staging, my-app), and enter your account password.
Your password is used to encrypt the key so you can reveal it again later — it is never stored on the server.
Copy your key
Your raw key is shown once immediately after creation.
Copy and store your key securely now. If you lose it, use Reveal with your password to view it again at any time.
Managing Keys
You can create as many keys as you need — one per environment, per app, or per team. Each key in the dashboard shows:
| Field | Description |
|---|---|
| Name | The label you gave the key at creation |
| Created | When the key was generated |
| Last used | The most recent time a request was made using this key |
| Status | Active or Revoked |
Revealing a Key
Click Reveal next to any key and enter your account password. The key is decrypted client-side — your password is never sent to the server.
Revoking a Key
Click Revoke next to a key to immediately block it from authenticating. The key record is kept so you can re-enable it later if needed.
Revoking a key takes effect instantly. Any application using that key will receive 401 Unauthorized until you re-enable it or rotate to a new key.
Re-enabling a Key
Revoked keys show a Re-enable button. Clicking it restores the key to active status immediately.
Deleting a Key
Deleting permanently removes the key and its record. This cannot be undone. Use revoke instead if you might need to restore it.
Error Responses
| Status | Meaning |
|---|---|
| 401 Unauthorized | Missing, invalid, or revoked API key |
| 403 Forbidden | Valid key but insufficient permissions |
Best Practices
- Use a separate key per environment (development, staging, production)
- Store keys in environment variables; never hardcode them
# .env
FIRESMS_API_KEY=fsk_your_key_here
- Revoke keys immediately if they are exposed or compromised
- Rotate keys periodically as part of your security hygiene
Never commit API keys to version control. Add .env to your .gitignore and use a secrets manager in production.
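The following is an added example, not part of the Fire SMS documentation or tooling: a small scanner that uses the fsk_ prefix to catch keys in files before they reach version control. The key pattern (fsk_ followed by 16 or more hex characters) is an assumption drawn from the sample key on this page, and the key in the sample input is constructed.

```python
import re
import sys
from pathlib import Path

# Assumption: a real key is "fsk_" followed by at least 16 hex characters,
# inferred from the sample on this page; the exact format is not documented.
KEY_RE = re.compile(r"\bfsk_[0-9a-fA-F]{16,}")


def redact(key):
    """Keep the prefix plus 4 characters so the finding can be matched
    to a dashboard entry without leaking the key again in hook output."""
    return key[:8] + "..."


def scan_text(text, source="<stdin>"):
    """Return (source, line number, redacted key) for every match."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in KEY_RE.finditer(line):
            findings.append((source, lineno, redact(match.group())))
    return findings


def scan_paths(paths):
    findings = []
    for path in paths:
        try:
            text = Path(path).read_text(encoding="utf-8", errors="ignore")
        except OSError:
            continue  # unreadable or deleted file: nothing to scan
        findings.extend(scan_text(text, source=str(path)))
    return findings


# Constructed sample input; the key on line 2 is made up for this example.
SAMPLE = """\
FIRESMS_API_KEY=fsk_your_key_here
url = "https://firesms.vercel.app/api/v1/send?api_key=fsk_0123456789abcdef0123456789abcdef&to=27821234567"
api_key = os.environ["FIRESMS_API_KEY"]
"""

if __name__ == "__main__":
    args = sys.argv[1:]
    results = scan_paths(args) if args else scan_text(SAMPLE, "sample")
    for source, lineno, key in results:
        print(f"{source}:{lineno}: possible Fire SMS API key {key}")
    sys.exit(1 if results else 0)
```

Run it from a Git pre-commit hook with the staged file names as arguments; the non-zero exit status stops the commit. The placeholder line and the environment lookup are not flagged, only the hardcoded key.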