Authentication
The Legacy API authenticates each request with a bearer token issued in the dashboard. Send it in the Authorization header.
Every request to the Legacy API carries a bearer token. Tokens are created in the dashboard and passed in the Authorization header.
Getting a token
Sign in to the Instasent dashboard, open API tokens and create one for the account that will send the traffic. Copy the value right away — it is shown once.
Sending the token
curl https://api.instasent.com/sms \
-H "Authorization: Bearer $INSTASENT_TOKEN" \
-H "Content-Type: application/json" \
-d '{ "from": "Instasent", "to": "+34600000000", "text": "Hello" }'A missing, malformed or revoked token returns 401 Unauthorized.
Rotating a token
Tokens do not expire. Rotate them whenever a member of the team leaves, whenever a secret might have been exposed, and at least once a year as a hygiene measure.
Issue the replacement
Create a new token in the dashboard before revoking the old one so traffic keeps flowing while you redeploy.
Roll it out
Update your secrets store and redeploy the workers that call the API.
Revoke the old token
Once the replacement is live everywhere, delete the old token in the dashboard. Any request still using it will fail with
401 Unauthorized.
What's next
- API Reference — every endpoint and response code.
- Transactional API — the modern alternative for new integrations.