Getting started
Authentication
Secure your API requests with bearer tokens.
Bearer token
All API requests must include your API key in the Authorization header as a Bearer token.
Authorization: Bearer ldm_live_sk_abc123...API key formats
LDM issues two types of API keys. Use the correct key for your environment:
| Prefix | Environment | Description |
|---|---|---|
ldm_live_ | Production | Delivers real messages. Charges apply. |
ldm_test_ | Sandbox | Simulates delivery. No charges, no real emails sent. |
Example request
curl https://api.live-direct-marketing.online/v1/messages \
-H "Authorization: Bearer ldm_live_sk_abc123..." \
-H "Content-Type: application/json"Error responses
If the API key is missing, malformed, unknown, or revoked, the API returns the same generic 401 Unauthorized response. This is intentional — distinct error messages would let attackers enumerate valid key formats.
HTTP/1.1 401 Unauthorized
Content-Type: application/json
{
"statusCode": 401,
"message": "Invalid credentials"
}If you receive this response, double-check the Authorization header value, ensure the Bearer prefix is present, and confirm the key has not been revoked from your dashboard.
Security best practices
- ●Never commit API keys to version control.
- ●Store keys in environment variables or a secret manager.
- ●Use
ldm_test_keys during development. - ●Rotate keys periodically from the Dashboard.