API keys
Create, rotate, and revoke API keys in DMARCdrift to grant programmatic read-only access to your domain data, reports, and alert history.
API keys let you access your DMARCdrift data from your own scripts, dashboards, or monitoring pipelines without sharing your account password. They are available on the Pro plan.
Creating a key
Go to Settings → Integrations → API keys and click New API key. Give the key a name that describes where it will be used — for example, "Grafana dashboard" or "CI monitoring script". You can have up to 10 keys per account.
After clicking Create, the full key is shown once. Copy it immediately and store it somewhere safe (a secrets manager, .env file, or password vault). The raw key is never shown again — only the prefix is stored.
Keys look like this:
dd_live_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6The dd_live_ prefix identifies all DMARCdrift API keys.
Using a key
Pass the key in the Authorization header as a Bearer token:
GET /v1/external/domains HTTP/1.1
Host: api.dmarcdrift.com
Authorization: Bearer dd_live_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6All external API endpoints require this header. Requests without it, or with an invalid or disabled key, receive 401 Unauthorized.
Disabling and deleting keys
To temporarily stop a key from working without deleting it, use the toggle in Settings → Integrations → API keys. A disabled key returns 401 on all requests.
To permanently remove a key, click Delete. This cannot be undone. Any script or integration using the deleted key will immediately start receiving 401 errors.
If you lose a key or suspect it has been compromised, delete it and create a new one.
Rate limits
Each key is limited to 60 requests per minute. Requests beyond this limit receive 429 Too Many Requests with a Retry-After: 60 header. Additionally, all external API traffic is subject to a per-IP limit of 200 requests per minute as a DoS shield.
Key security
- Store keys in environment variables or a secrets manager, not in source code.
- Rotate keys periodically or whenever access needs to be revoked.
- If your account downgrades from Pro, all API keys are automatically disabled.
See also: API reference — available endpoints, request parameters, and response shapes.