
What are API keys?

API keys allow external systems to authenticate with the Swiftsell API. You use them to:
  • Authenticate webhook calls to Trigger Campaigns (pass the key as a Bearer token)
  • Access the Swiftsell REST API from your own applications
All Swiftsell API keys start with the prefix ss_.

Creating an API key

  1. Go to Settings → API Keys.
  2. Click Create API Key.
  3. Enter a Name to identify what this key is used for (e.g., “Shopify Integration”, “Zapier”).
  4. Click Create.
  5. Copy the key — it will only be shown once.
Store the API key securely after copying it. Swiftsell does not store the full key and cannot show it again. If you lose a key, you must delete it and create a new one.

Key properties

Property    Description
Name        Label you assigned when creating the key
Prefix      ss_ — all Swiftsell keys start with this
Last used   The last time this key was used to make an authenticated request
Created     When the key was created
The Last used timestamp helps you identify stale keys that are no longer in use.

Using an API key

Pass the key as a Bearer token in the x-api-key header:
x-api-key: your_api_key
Example — trigger campaign webhook:
curl -X POST https://app.swiftsellai.com/api/campaigns/YOUR_CAMPAIGN_ID/trigger \
  -H "x-api-key: your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "phone": "+14155552671",
    "name": "Jane Smith",
    "order_number": "ORD-12345"
  }'

Deleting an API key

  1. Go to Settings → API Keys.
  2. Click the Delete (trash) icon next to the key you want to remove.
  3. Confirm the deletion.
Deleting a key immediately invalidates it — any system using that key will start receiving 401 Unauthorized responses. Make sure to update any integrations that rely on the key before deleting.

Security best practices

  • One key per integration — create a separate key for each external system. This makes it easy to revoke a specific integration’s access without affecting others.
  • Rotate keys periodically — create a new key, update your integration, then delete the old one.
  • Monitor last-used timestamps — delete keys that haven’t been used in a long time.
  • Never commit keys to source control — use environment variables or a secrets manager.
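
One way to enforce the last practice above, as an added example that is not Swiftsell's own code: a POSIX shell scan that flags strings carrying the ss_ prefix and redacts them in its report. The key body pattern, the `[REDACTED]` marker and the function names are assumptions, since the page documents only the prefix.

```shell
#!/bin/sh
# Added example (not Swiftsell code): flag strings shaped like Swiftsell
# API keys in files before they reach source control.
# ASSUMPTION: the page documents only the "ss_" prefix. The key body below
# (20 or more letters, digits, "_" or "-") is a guess; tune it to the keys
# your account actually issues.
KEY_BODY='[A-Za-z0-9_-]'
# Require a non-identifier character (or line start) before "ss_" so that
# names such as "class_name" do not match.
KEY_RE="(^|[^A-Za-z0-9_])ss_${KEY_BODY}{20,}"

# scan_file FILE
# Prints "FILE:LINE:content" for each hit, with the key cut down to its
# first four characters so the report does not leak the secret again.
# Returns 0 if the file is clean, 1 if a likely key was found.
scan_file() {
  hits=$(grep -nE -- "$KEY_RE" "$1" \
    | sed -E "s/ss_(${KEY_BODY}{4})${KEY_BODY}{16,}/ss_\\1[REDACTED]/g")
  [ -z "$hits" ] && return 0
  printf '%s\n' "$hits" | while IFS= read -r hit; do
    printf '%s:%s\n' "$1" "$hit"
  done
  return 1
}

# scan_paths FILE...
# Scans every regular file given; returns 1 if any of them had a hit.
scan_paths() {
  rc=0
  for f in "$@"; do
    [ -f "$f" ] || continue
    scan_file "$f" || rc=1
  done
  return "$rc"
}

# Run as a script: exit non-zero on a hit so a hook or CI job fails.
if [ "$#" -gt 0 ]; then
  scan_paths "$@" || {
    echo "Possible Swiftsell API key found; move it to an environment variable or secrets manager." >&2
    exit 1
  }
fi
```

In a Git pre-commit hook, pass it the paths listed by `git diff --cached --name-only --diff-filter=ACM`.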