API keys are the credentials your applications use to authenticate requests to the MigoSMTP and Telnxo APIs. This article walks through generating keys on both platforms, configuring their scope, naming them for clarity, and storing them securely.
Platform separation: API keys for MigoSMTP and Telnxo are generated independently within each platform dashboard. A MigoSMTP API key cannot be used to authenticate Telnxo API requests and vice versa. Generate a key from the correct platform for your use case.
Generating an API Key in MigoSMTP
- Log in to your MigoSMTP dashboard at
app.migosmtp.com via the Rackwave portal SSO.
- Click API Keys in the left sidebar.
- Click Generate New API Key or Create Key.
- Enter a descriptive key name (e.g. Production App, Laravel Backend, WordPress Site).
- Select the key scope — see scope table below.
- Optionally set allowed IP addresses to restrict which servers can use this key.
- Click Generate.
- The full API key is displayed once only — copy it immediately and store it securely.
- After closing this screen the full key is never shown again. Only the last 4 characters are displayed for identification.
Generating an API Key in Telnxo
- Log in to your Telnxo dashboard at
app.telnxo.com via the Rackwave portal SSO.
- Click API Keys in the left sidebar under the Developer section.
- Click Create API Key.
- Enter a descriptive key name.
- Select the key scope for the channels and operations this key needs access to.
- Optionally restrict to specific IP addresses.
- Click Create.
- Copy the displayed key immediately — it is shown only once.
API Key Scope Options
MigoSMTP Scopes
| Scope |
What It Permits |
Use When |
send |
Send emails via API only |
Application needs to send email but nothing else |
send:template |
Send emails using saved templates |
App sends from pre-built templates only |
reports:read |
Read delivery reports and message logs |
Analytics dashboards or monitoring tools |
suppressions:write |
Add and remove suppression list entries |
Syncing unsubscribes from external systems |
templates:write |
Create, update, and delete templates |
Content management integrations |
admin |
Full access — all operations including domain and SMTP account management |
Internal admin tools only; avoid for application-facing keys |
Telnxo Scopes
| Scope |
What It Permits |
sms:send |
Send SMS messages only |
voice:send |
Initiate outbound voice calls only |
whatsapp:send |
Send WhatsApp messages only |
reports:read |
Read delivery logs and campaign reports |
templates:write |
Create and manage templates |
admin |
Full access to all Telnxo API operations |
Key Naming Best Practices
A clear naming convention makes it easy to identify which key belongs to which application and when to rotate or revoke specific keys:
| Example Name |
What It Describes |
| prod-laravel-send |
Production Laravel app, send-only scope |
| staging-wordpress |
Staging WordPress environment |
| reporting-dashboard-readonly |
Internal analytics dashboard, read-only scope |
| crm-sync-suppressions |
CRM integration for syncing unsubscribes |
| mobile-app-sms-otp |
Mobile backend for sending SMS OTPs via Telnxo |
How Many API Keys Can I Create?
| Platform |
Max API Keys per Plan |
| MigoSMTP (all plans) |
5 keys |
| Telnxo (all plans) |
5 keys |
Rotating an API Key
Key rotation involves generating a new key, updating all applications to use it, and then revoking the old one. Follow this order to avoid downtime:
- Generate a new API key with the same scope as the one being rotated.
- Update your application's environment variable or secrets manager with the new key.
- Deploy the updated configuration and verify the new key is working in production.
- Revoke the old API key from the platform dashboard.
Zero-downtime rotation: Always generate the new key and verify it is working before revoking the old one. Revoking first causes immediate API failures in production.
Next Steps