Skip to content

Authentication

Galatext uses two authentication methods depending on the API endpoint.

API Key Authentication

All messaging API endpoints require API key authentication. Your API key must be included in every request via the x-api-key HTTP header.

bash
curl -X POST https://api.galatext.com/api/sms/send \
  -H "Content-Type: application/json" \
  -H "x-api-key: gal_abc123_def456_xyz789"

Getting Your API Key

  1. Log in to the Galatext Dashboard
  2. Navigate to Settings → API Keys
  3. Click Create New Key
  4. Optionally, give it a label (e.g., "Production", "Staging")
  5. Copy the key — it is shown only once

⚠️ Store your API key securely. Treat it like a password.

Environments

EnvironmentDescription
gal_live_*Production API key for live traffic
gal_test_*Sandbox key for testing (no real messages sent)

Bearer JWT Authentication

Dashboard API endpoints (billing, account management, key management) use Bearer JWT tokens.

bash
curl -X GET https://api.galatext.com/api/account/balance \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..."

Getting a JWT Token

  1. Call the authentication endpoint with your credentials:
bash
curl -X POST https://api.galatext.com/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "you@example.com",
    "password": "your_password"
  }'
  1. The response includes an accessToken (expires in 1 hour) and a refreshToken:
json
{
  "success": true,
  "data": {
    "accessToken": "eyJhbGciOiJIUzI1NiIs...",
    "refreshToken": "eyJhbGciOiJIUzI1NiIs...",
    "expiresIn": 3600
  }
}

Key Management Best Practices

Create Multiple Keys

Maintain separate API keys for different environments and applications:

bash
# Production key — limited permissions
gal_live_prod_app_abc123

# Staging key — full permissions
gal_live_staging_def456

# CI/CD key — send-only
gal_live_ci_build_ghi789

Rotate Keys Regularly

  1. Create a new key from the dashboard
  2. Update your application with the new key
  3. Verify the new key works
  4. Delete the old key

Revoke Compromised Keys

If you suspect a key is exposed:

  1. Go to Settings → API Keys
  2. Find the compromised key
  3. Click Revoke
  4. Create a new key
  5. Deploy the new key to your application

Security Best Practices

  • Never hardcode keys — Use environment variables or a secrets manager
  • Restrict by IP — Configure IP whitelisting in dashboard settings
  • Use separate keys — Different keys for dev, staging, and production
  • Monitor usage — Review API key usage logs regularly
  • Rotate quarterly — Rotate keys at least every 90 days
  • Least privilege — Use keys with only the permissions needed

Example: Environment Variables

bash
# .env file
GALATEXT_API_KEY=gal_live_prod_app_abc123
GALATEXT_API_URL=https://api.galatext.com
python
# Python
import os
import requests

api_key = os.environ.get("GALATEXT_API_KEY")
headers = {"x-api-key": api_key}
js
// Node.js
const apiKey = process.env.GALATEXT_API_KEY;

Supported Authentication Methods

MethodHeaderUsed For
API Keyx-api-keyAll messaging APIs
Bearer JWTAuthorization: Bearer <token>Dashboard & account APIs
Sandbox Keyx-api-key (test_ prefix)Sandbox testing

Rate Limits per Key

  • Free: 5 requests/second
  • Starter: 20 requests/second
  • Business: 100 requests/second
  • Enterprise: Custom limits

Rate limits are enforced per API key. If you need higher limits, contact support.

Powered by Galatex Softwares