Lumbox Docs

Authentication

How to authenticate API requests.

Authentication

All API requests require an API key passed in the X-API-Key header.

curl https://api.lumbox.co/v1/inboxes \
  -H "X-API-Key: ak_your_key_here"

Getting an API Key

  1. Sign up at lumbox.co
  2. Go to Settings > API Keys
  3. Click Create API Key
  4. Copy the key — it's only shown once

Scoped Keys

API keys can be scoped to specific inboxes for security. When creating a key, pass allowed_inbox_ids to restrict which inboxes the key can access:

curl -X POST https://api.lumbox.co/v1/me/api-keys \
  -H "X-API-Key: ak_admin_key" \
  -H "Content-Type: application/json" \
  -d '{"name": "github-bot-key", "allowed_inbox_ids": ["inb_abc123"]}'

A scoped key can only read, send, and manage emails for the specified inboxes. Requests to other inboxes return 403 Forbidden.

Key Format

API keys are prefixed with ak_ followed by a random string. Example: ak_7f3a9b2c4d...

Quickstart

Get up and running in under a minute.

SDK Quickstart

Use the Node.js or Python SDK.

On this page

AuthenticationGetting an API KeyScoped KeysKey Format