إرسال

Authentication

How to authenticate with the Ersaal API using Bearer tokens

The Ersaal API uses Bearer token authentication. Include your token in the Authorization header on every request.

Authorization: Bearer YOUR_API_TOKEN

Getting your token

  1. Log in to sms.lamah.com
  2. Go to Projects and open a project
  3. Add your server IP to the allowed list
  4. Copy the API token from project details

Security best practices

  • Store tokens in environment variables, never in source code
  • Use one token per project — avoid sharing tokens across projects
  • Rotate tokens periodically from the dashboard
  • Monitor API usage for unexpected activity

Authentication errors

StatusCodeMeaning
401UNAUTHORIZEDToken is missing, invalid, or expired
403ACCESS_DENIEDToken is valid but lacks permission for this action

If you receive a 401, verify the token format includes the Bearer prefix and that there are no extra spaces or newlines.

Testing your token

Call the project details endpoint to confirm authentication is working:

curl https://sms.lamah.com/api/project/details \
  -H "Authorization: Bearer YOUR_API_TOKEN"

A 200 response means your token is valid.

On this page

Getting your tokenSecurity best practicesAuthentication errorsTesting your token