RoyceBulkSMSAPI Docs

Authentication

RoyceBulkSMS API uses Bearer token authentication to secure all API requests. Learn how to get your API key and use it in your applications.

Getting Your API Key

1

Log in to Your Dashboard

Sign in to your RoyceBulkSMS account at roycetalk.com

Don't have an account? Register for free

2

Navigate to API Keys

Go to: Dashboard → API Keys

Open API Keys Page →
3

Generate or Copy Your API Key

Click "Generate New Key" or copy your existing API key.

XXXX_XXXXXXXXXXXXXXXXXXXXXXXX_

Keep this key secure! Treat it like a password.

Using Your API Key

Include your API key in the Authorization header of every API request using the Bearer token format:

cURL Example

curl -X POST "https://roycetalk.com/api/v1/sms-api/send/" \ -H "Authorization: Bearer YOUR_API_KEY_HERE" \ -H "Content-Type: application/json" \ -d '{"phone_number": "+254712345678", ...}'

Python Example

headers = { "Authorization": f"Bearer {YOUR_API_KEY}", "Content-Type": "application/json" } response = requests.post(url, json=data, headers=headers)

PHP Example

$headers = [ 'Authorization: Bearer ' . YOUR_API_KEY, 'Content-Type: application/json', ]; curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

Laravel Example

// Store in .env ROYCEBULKSMS_API_KEY=your_api_key_here // Use in code Http::withToken(config('services.roycebulksms.api_key')) ->post($url, $data);

Security Best Practices

Keep Keys Private

Never expose API keys in client-side code, public repositories, or commit them to version control.

Use Environment Variables

Store API keys in environment variables (.env files) instead of hardcoding them.

Rotate Keys Regularly

Generate new API keys periodically and revoke old ones for enhanced security.

Server-Side Only

Only use API keys in server-side code. Never send them to browsers or mobile apps.

Monitor Usage

Regularly check your API usage in the dashboard for any suspicious activity.

Use HTTPS Only

Always make API requests over HTTPS to encrypt data in transit.

Common Authentication Errors

403 Forbidden - Invalid API Key

Your API key is incorrect or has been revoked.

{ "error": { "code": "forbidden", "message": "Invalid API key." } }

Solution: Verify your API key in the dashboard and ensure it's correctly copied.

403 Forbidden - Missing Authorization Header

The Authorization header is missing from your request.

Solution: Include the Authorization: Bearer YOUR_API_KEY header in all requests.

401 Unauthorized - Expired Key

Your API key has expired (if expiration was set).

Solution: Generate a new API key from your dashboard.

Ready to Send Your First SMS?

Now that you have your API key, follow our Quick Start guide to send your first SMS in 5 minutes.

Quick Start Guide →