Authentication

Authenticate public API requests with project API keys

All public API endpoints require authentication via project API keys. Console-scoped authentication JWTs are not used on these routes.

Headers

Header	Required	Description
X-SMX-API-Key	Yes	Project-scoped API key for the public API.
Content-Type: application/json	Yes	Required for JSON request bodies.
Idempotency-Key	Optional	Recommended on send routes to avoid duplicate retries.

Project API keys

API keys belong to a project. The project defines templates, OTP rules, test numbers, logs, stats, and the active linked device used for delivery.

Idempotency

Example send request with idempotency

typescript

auth-example.ts

1fetch("https://api.smx.app/v1/send-otp", {
2  method: "POST",
3  headers: {
4    "Content-Type": "application/json",
5    "X-SMX-API-Key": "smx_live_xxxx",
6    "Idempotency-Key": "signup-7421",
7  },
8  body: JSON.stringify({ receiver: "+967778994568", locale: "en" }),
9});

Auth rules

Rule	Effect
Missing API key	The request is rejected before the route handler runs.
Invalid or revoked key	The request cannot access project data or delivery actions.
No active device linked	Send routes fail with DEVICE_NOT_LINKED.

Quickstart

Send OTP