API Keys
To call the Courier API, you need an API key. Grab one from the Courier dashboard, then pass it as a Bearer token:SDKs
Courier’s server SDKs wrap the REST API with typed methods for sending notifications, managing users, configuring channels, and more. Install the SDK for your language to get started.Rate Limiting
| Endpoint | Operation | Limit |
|---|---|---|
| Lists API | POST to subscriptions | 20 requests/minute |
PUT to lists | 20 requests/minute | |
| Events API | PUT to events | 20 requests/minute |
| Brands API | PUT to brands | 200 requests/minute |
Payload Limits
The maximum request body size for all Courier API endpoints is 6 MB. Requests that exceed this limit are rejected with a413 Payload Too Large response.
Base64-encoded content (common for email attachments) inflates size by roughly 33%; a 4.5 MB raw file will approach the limit after encoding. For large files, host them externally (S3, GCS, or your own CDN) and pass download URLs to your notification via data variables.
Payload limits cap the size of a single API request. For limits on how many messages you can send to a user or workspace, see Send Limits.
Idempotency
Add anIdempotency-Key header to any POST request to ensure it runs only once, even if retried.
cURL
- Use a unique value (like a UUID) for each logical request.
- Replaying the same key returns the original response, even if it was an error.
- Keys expire after 24 hours.