Authentication
Every request requires an Authorization: Bearer tg_live_xxxxx header. Keys are generated from the panel (the API keys section), they're permanent until you revoke them and can be scoped (e.g. send-only or read-only).
REST /v1/messages endpoint with Bearer auth, idempotency keys and transparent rate limiting.
Every request requires an Authorization: Bearer tg_live_xxxxx header. Keys are generated from the panel (the API keys section), they're permanent until you revoke them and can be scoped (e.g. send-only or read-only).
curl -X POST https://api.targetsmtp.it/v1/messages \
-H "Authorization: Bearer $TARGET_KEY" \
-H "Content-Type: application/json" \
-H "Idempotency-Key: $(uuidgen)" \
-d '{
"from": "noreply@yoursite.com",
"to": ["user@example.com"],
"subject": "Order #1024 confirmed",
"html": "<p>Thanks!</p>",
"tags": ["order-confirmation"]
}'// PHP 8+ with built-in HTTP client via file_get_contents:
$payload = json_encode([
"from" => "noreply@yoursite.com",
"to" => ["user@example.com"],
"subject" => "Order #1024 confirmed",
"html" => "<p>Thanks!</p>",
]);
$ctx = stream_context_create([
"http" => [
"method" => "POST",
"header" => [
"Authorization: Bearer " . $TARGET_KEY,
"Content-Type: application/json",
"Idempotency-Key: " . bin2hex(random_bytes(16)),
],
"content" => $payload,
],
]);
$resp = json_decode(file_get_contents("https://api.targetsmtp.it/v1/messages", false, $ctx), true);await fetch('https://api.targetsmtp.it/v1/messages', {
method: 'POST',
headers: {
'Authorization': `Bearer ${process.env.TARGET_KEY}`,
'Content-Type': 'application/json',
'Idempotency-Key': crypto.randomUUID(),
},
body: JSON.stringify({
from: 'noreply@yoursite.com',
to: ['user@example.com'],
subject: 'Order #1024 confirmed',
html: '<p>Thanks!</p>',
}),
});import os, uuid, requests
r = requests.post(
'https://api.targetsmtp.it/v1/messages',
headers={
'Authorization': f'Bearer {os.environ["TARGET_KEY"]}',
'Content-Type': 'application/json',
'Idempotency-Key': str(uuid.uuid4()),
},
json={
'from': 'noreply@yoursite.com',
'to': ['user@example.com'],
'subject': 'Order #1024 confirmed',
'html': '<p>Thanks!</p>',
},
)
print(r.json())Pass an Idempotency-Key header (UUID v4 recommended): if you retry the same request after a network timeout, we guarantee the message won't be sent twice. The key is valid for 24 hours.
Responses include the headers X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset. When you hit the limit you get an HTTP 429 with Retry-After. The hourly limit depends on your plan (see pricing).
All errors return JSON with error.code, error.message, and error.field where useful. HTTP status codes are semantic: 400 validation, 401 auth, 402 quota exhausted, 422 unprocessable entity, 429 rate limit, 5xx server.