Every /v1/send and /v1/receipts request requires a Bearer token:

Authorization: Bearer com.acme.myapp|sk_abc123def456...

Key format

<package_name>|<secret>. The package name prefix is the app's bundle/package ID. The secret is a random string generated by the server. Keys self-identify in logs so you can tell which app a request belongs to.

Creating and revoking

Create keys in the dashboard under your app's API Keys section. The full key is shown exactly once at creation time. Copy it immediately. You can create multiple keys per app.

To revoke a key, click the revoke button in the dashboard. The key stops working immediately. If you need zero-downtime rotation, create a new key first, update your server, then revoke the old one.

Environment variables

# .env (never commit this file)
EDGEPUSH_API_KEY=com.acme.myapp|sk_abc123def456...

# your server
const client = new Edgepush({
  apiKey: process.env.EDGEPUSH_API_KEY,
});

The CLI reads from EDGEPUSH_API_KEY and EDGEPUSH_BASE_URL environment variables as overrides. See the CLI section for details.