Skip to main content

Authentication

All API requests require authentication via one of the following methods.

:::tip Recommended method API Key authentication is the simplest and most secure method. It does not require Base64 encoding and reduces the risk of exposing credentials in logs. :::

The simplest method. Add the X-Api-Key header to every request:

curl -X POST "https://lora-api.agiletelecom.com/api/message-server/sms/send" \
  -H "X-Api-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "destination": "+393401234567",
    "sender": "MyCompany",
    "body": "Hello world"
  }'
warning

Never share your API Key in public repositories, client-side code, or insecure channels. If compromised, regenerate it immediately from the Qlara platform.

Your API Key is available in the settings section of the Qlara platform.

Basic Auth

Standard HTTP method with username and password encoded in Base64:

curl -X POST "https://lora-api.agiletelecom.com/api/message-server/sms/send" \
  -H "Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=" \
  -H "Content-Type: application/json" \
  -d '{
    "destination": "+393401234567",
    "sender": "MyCompany",
    "body": "Hello world"
  }'

How to generate the Base64 value

Linux / macOS:

Generate Base64 on Linux/macOS
echo -n "username:password" | base64

Windows PowerShell:

Generate Base64 on Windows
[Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes("username:password"))

IP Whitelist

For each account, a list of allowed IPs can be configured in the Qlara platform. If enabled, requests from unauthorized IPs receive 403 Forbidden.

Authentication flow

Authentication errors

CodeMeaningWhat to do
401Missing or invalid credentialsVerify your API Key or Basic credentials
403Unauthorized IP or inaccessible resourceVerify the IP whitelist in the platform