API Reference
The Canary API is organized around REST. Our API has predictable resource-oriented URLs, accepts JSON-encoded request bodies, returns JSON-encoded responses, and uses standard HTTP response codes.
Base URL
https://api.canarymsg.dev/v1All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.
Authentication
The Canary API uses API keys to authenticate requests. You can view and manage your API keys in the Dashboard Settings.
# Include your API key in the Authorization header
curl https://api.canarymsg.dev/v1/sms \
-H "Authorization: Bearer sk_live_xxxxxxxxxxxxxxxx"Keep your API keys secure
Your API keys carry many privileges, so be sure to keep them secure. Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.
API Key Types
sk_live_Live Keys
Use these keys for production. Requests will be billed and messages will be delivered.
sk_test_Test Keys
Use these keys for testing. Messages will not be delivered and you will not be charged.
Webhooks
Canary uses webhooks to notify your application when events happen in your account. Webhooks are particularly useful for asynchronous events like when a message is delivered or when a recipient opens an email.
Webhook Events
| Event | Description |
|---|---|
message.sent | Message was sent to the carrier |
message.delivered | Message was delivered to the recipient |
message.failed | Message delivery failed |
email.opened | Email was opened by recipient |
email.clicked | Link in email was clicked |
call.completed | Voice call was completed |
Webhook Payload
{
"id": "evt_1234567890",
"type": "message.delivered",
"created": 1704067200,
"data": {
"message_id": "msg_abc123",
"to": "+15551234567",
"status": "delivered",
"delivered_at": "2024-01-01T12:00:00Z"
}
}Webhook Signature Verification
Canary signs webhook payloads with a signature header that you can use to verify the payload came from Canary. The signature is included in theX-Canary-Signatureheader.
const crypto = require('crypto');
function verifyWebhook(payload, signature, secret) {
const expected = crypto
.createHmac('sha256', secret)
.update(payload)
.digest('hex');
return crypto.timingSafeEqual(
Buffer.from(signature),
Buffer.from(expected)
);
}Rate Limits
The Canary API implements rate limiting to ensure fair usage and protect against abuse. Rate limits are applied per API key.
| Plan | Rate Limit | Burst |
|---|---|---|
| Free | 100 requests/minute | 20 requests |
| Pro | 1,000 requests/minute | 100 requests |
| Enterprise | 10,000 requests/minute | 1,000 requests |
Rate limit information is included in the response headers:
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 999
X-RateLimit-Reset: 1704067260Error Handling
Canary uses conventional HTTP response codes to indicate the success or failure of an API request. In general: codes in the 2xx range indicate success, codes in the 4xx range indicate an error with the information provided, and codes in the 5xx range indicate an error with Canary's servers.
| Code | Description |
|---|---|
| 200 | OK - Request succeeded |
| 201 | Created - Resource was created |
| 400 | Bad Request - Invalid parameters |
| 401 | Unauthorized - Invalid API key |
| 403 | Forbidden - Insufficient permissions |
| 404 | Not Found - Resource does not exist |
| 429 | Too Many Requests - Rate limit exceeded |
| 500 | Internal Server Error - Something went wrong |
Error Response Format
{
"error": {
"code": "invalid_phone_number",
"message": "The phone number provided is not valid",
"param": "to",
"doc_url": "https://canarymsg.dev/docs/errors#invalid_phone_number"
}
}