Authentication (v1)

The v1 API (sending, bounces and complaints) is authenticated with the API token you obtain from Obtain API token. v1 accepts the token in one of two headers:

Header	Example	Notes
X-API-Key	X-API-Key: <your_token>	Recommended. Same header as v2.
Authorization (Basic flavor)	Authorization: Basic <your_token>	Paste the raw token after Basic — it is not base64 user:pass.

Caution

The Basic flavor is non-standard. A normal HTTP Basic client that base64-encodes user:password will fail — send the raw token verbatim.

Note

v2 authenticates differently: it accepts only X-API-Key. If you integrate with both versions, prefer X-API-Key everywhere.

Examples

X-API-Key

curl -X GET 'https://webapi.inboxroad.com/api/v1/bounces' \
  -H 'X-API-Key: <your_token>' \
  -H 'Content-Type: application/json'

Authorization

curl -X GET 'https://webapi.inboxroad.com/api/v1/bounces' \
  -H 'Authorization: Basic <your_token>' \
  -H 'Content-Type: application/json'

Errors

Status code	Meaning
401	Missing, malformed, or invalid token.
403	Token is valid but is not linked to a customer profile.

If a request fails with 401, obtain a fresh token or contact your account manager.