Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.mailglyph.com/llms.txt

Use this file to discover all available pages before exploring further.

MailGlyph supports multiple API key sets per workspace. Each key set contains:
  • Private key with pk_ prefix (for /v1/track)
  • Secret key with sk_ prefix (for server-side/private endpoints)
Use separate key sets for different services so you can rotate or revoke access without affecting everything else.
Never expose sk_ keys in browser code, mobile apps, or public repositories.

Domain scope

Every key can be configured with one of two scopes:
  • All domains (default): the key can operate across all verified domains in the workspace.
  • Specific domains: the key is restricted to an allowlist of workspace domains.
Domain scope is enforced for operations that use a sender domain, including /v1/send and SMTP sends. If a key is scoped to specific domains, the sender domain must be in that key’s allowlist.

Managing keys in the dashboard

From API Keys in the workspace dashboard, you can:
  • Create new keys
  • Set key name and domain scope
  • Edit name and domain scope
  • Revoke individual keys
When a key is revoked, it stops authenticating immediately.

Rotation and incident response

If you suspect a key leak:
  1. Revoke the affected key.
  2. Create a replacement key with the minimum required scope.
  3. Roll out the new key to your services.
Create and revoke keys as needed to rotate credentials without changing unrelated integrations.

SMTP notes

SMTP authentication uses secret keys. You can use any active sk_ key, including scoped keys. Scoped secret keys can only send from allowed domains. See SMTP. To send through the API with the same credentials, see Send Email API.