MOLTED EMAIL

Authentication

Session auth for the portal UI and Bearer API keys for the sending API.

Molted Email uses two authentication methods depending on the context.

Session cookies (Portal UI)

When you sign in at molted.email, a session cookie is set. This cookie authenticates all portal requests — dashboard, domain management, billing, and API key management.

No action is required on your part. The session is managed automatically by the portal.

Bearer API keys (Sending API)

All API requests to api.molted.email require a Bearer token in the Authorization header:

Authorization: Bearer YOUR_API_KEY

Managing API keys

  1. Go to Dashboard > API Keys in the portal.
  2. Click Create Key to generate a new key.
  3. Copy the key immediately — it is displayed only once and cannot be retrieved later.
  4. To revoke a key, click Revoke next to the key in the list.

Security notes

  • API keys grant full send access to your tenant. Treat them like passwords.
  • Store keys in environment variables or a secrets manager. Never commit them to source control.
  • Rotate keys periodically. Revoke any key you suspect has been compromised.
  • Each key is scoped to a single tenant.

Quickstart

Sign up, get an API key, and send your first email in five minutes.

SDK Reference

Install and use the @molted/mail TypeScript SDK to send email, classify intents, and coordinate agents.

On this page

Session cookies (Portal UI)Bearer API keys (Sending API)Managing API keysSecurity notes