Getting started
Authentication
Relayly authenticates API requests with an API key sent in the X-API-Key header.
X-API-Key: esp_live_xxxxxxxxxxxxxxxxxxxxScopes
Keys are scoped to least privilege. Grant only what an integration needs:
| Scope | Grants |
|---|---|
send | Create & send campaigns, transactional email |
read | Read-only access to resources |
contact.manage | Manage contacts & lists |
validation.run | Run email validation jobs |
webhook.manage | Manage webhook endpoints |
Rate limits & idempotency
Each key is rate-limited; exceeding the limit returns 429 Too Many Requests — back off and retry. To make writes safe to retry, send a unique Idempotency-Key header; Relayly will not process the same key twice.
Keep keys secret. Never expose them in client-side code. Rotate or revoke a key instantly from the dashboard.