Authentication
Three authentication methods are available. API Key is recommended for most integrations.
API Key (Recommended)
Include your API key in the X-Api-Key header with every request.
Getting Your API Key
- Log in to your Qlara account
- Navigate to Settings → API Keys
- Generate a new key or copy your existing key
- Store it securely (never commit to version control)
Using API Key
- cURL
- Python
- Node.js
curl -X POST https://lora-api.agiletelecom.com/api/message-server/sms/send \
-H "X-Api-Key: your_api_key_here" \
-H "Content-Type: application/json" \
-d '{
"phoneNumber": "+393901234567",
"message": "Hello from Qlara!"
}'
import requests
headers = {
"X-Api-Key": "your_api_key_here",
"Content-Type": "application/json"
}
response = requests.post(
"https://lora-api.agiletelecom.com/api/message-server/sms/send",
json={"phoneNumber": "+393901234567", "message": "Hello from Qlara!"},
headers=headers
)
print(response.json())
const axios = require('axios');
const config = {
headers: {
'X-Api-Key': 'your_api_key_here',
'Content-Type': 'application/json'
}
};
const data = {
phoneNumber: '+393901234567',
message: 'Hello from Qlara!'
};
axios.post(
'https://lora-api.agiletelecom.com/api/message-server/sms/send',
data,
config
).then(response => console.log(response.data))
.catch(error => console.error(error));
Basic Authentication
If API keys aren't suitable for your use case, use Base64-encoded credentials.
Generating Basic Auth Credentials
On macOS/Linux:
echo -n "username:password" | base64
On Windows (PowerShell):
[Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes("username:password"))
Using Basic Auth
- cURL
- Python
- Node.js
curl -X POST https://lora-api.agiletelecom.com/api/message-server/sms/send \
-H "Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=" \
-H "Content-Type: application/json" \
-d '{
"phoneNumber": "+393901234567",
"message": "Hello from Qlara!"
}'
import requests
from requests.auth import HTTPBasicAuth
response = requests.post(
"https://lora-api.agiletelecom.com/api/message-server/sms/send",
json={"phoneNumber": "+393901234567", "message": "Hello from Qlara!"},
auth=HTTPBasicAuth('username', 'password')
)
print(response.json())
const axios = require('axios');
const auth = {
username: 'username',
password: 'password'
};
const data = {
phoneNumber: '+393901234567',
message: 'Hello from Qlara!'
};
axios.post(
'https://lora-api.agiletelecom.com/api/message-server/sms/send',
data,
{ auth }
).then(response => console.log(response.data))
.catch(error => console.error(error));
IP Whitelisting
Add an extra layer of security by restricting API access to specific IP addresses. This is optional but recommended for production.
Configuring IP Whitelist
- Go to Settings → Security
- Enable IP Whitelist
- Add your server's IP address(es)
- Save
Any request from a non-whitelisted IP returns 403 Forbidden.
Error Codes
| Code | Meaning | Action |
|---|---|---|
401 | Invalid credentials | Check API key or Basic Auth credentials |
403 | Unauthorized IP | Verify your IP is whitelisted (if enabled) |
Security Best Practices
- Never expose API keys in client-side code — Use them only on your backend server
- Store keys in environment variables — Don't hardcode them
- Regenerate if compromised — Go to Settings → API Keys and generate a new one
- Use HTTPS only — All requests must be over HTTPS
- Rotate credentials periodically — Regenerate keys every 90 days in high-security environments
- Log access — Monitor your API key usage in the dashboard
Example: Environment Variables
Python:
import os
api_key = os.getenv('QLARA_API_KEY')
Node.js:
const apiKey = process.env.QLARA_API_KEY;
Bash:
curl -X POST https://lora-api.agiletelecom.com/api/message-server/sms/send \
-H "X-Api-Key: $QLARA_API_KEY" \
-d '...'
Need help with authentication? Contact support at support@agiletelecom.com.