Sluice Docs
Reference

API keys

API keys authenticate requests to the Sluice REST API. Each key is scoped to your organization.

Key format

All Sluice API keys use the sl_live_ prefix:

sl_live_abc123def456...

Creating a key

  1. Go to Settings > API Keys in the Sluice dashboard
  2. Click Create Key
  3. Give it a descriptive name (e.g., "production-agent", "staging", "n8n-workflow")
  4. Copy the key immediately

Keys are shown once. The full key is displayed only at creation time. Store it in a secrets manager or environment variable — it cannot be retrieved later.

Using a key

Pass the key in the Authorization header as a Bearer token:

curl -X POST https://app.sluice.email/api/v1/emails \
  -H "Authorization: Bearer sl_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "from": "agent@yourdomain.com",
    "to": "customer@example.com",
    "subject": "Hello",
    "text": "Hello from Sluice!"
  }'

In your application code, use an environment variable:

// Node.js
const response = await fetch('https://app.sluice.email/api/v1/emails', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${process.env.SLUICE_API_KEY}`,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({ from, to, subject, text }),
})
# Python
import os
import requests
 
requests.post(
    "https://app.sluice.email/api/v1/emails",
    headers={"Authorization": f"Bearer {os.environ['SLUICE_API_KEY']}"},
    json={"from": from_addr, "to": to_addr, "subject": subject, "text": text},
)

Revoking a key

Go to Settings > API Keys, find the key by name, and click Revoke. The key stops working immediately. Any requests using the revoked key will receive a 401 unauthorized error.

Security best practices

  • Never hardcode keys in source code. Use environment variables or a secrets manager.
  • Use descriptive names so you can identify which key is used where.
  • Create separate keys for production and development/staging environments.
  • Rotate keys periodically — revoke the old key after deploying the new one.
  • Revoke unused keys — if a key is no longer needed, revoke it.

Rate limits

Rate limits and organization-level quotas apply regardless of which API key is used. All keys within an organization share the same rate limit pool. See Error codes for the 429 rate_limit_exceeded response.

Previous

Account Settings

Next

Error codes

On this page