Set up DMARC and see who's sending email using your brand's domain.

What are the Account and Server API Tokens, and SMTP Tokens?

In Postmark, there are three different kinds of Tokens for authentication with our API and SMTP.

API Tokens

An API Token is a randomly generated alpha-numeric string that’s used to authenticate different things in Postmark. It’s almost like a username and password all rolled into one.

To find your Server API token in Postmark, visit the API Tokens tab within your Servers. These tokens serve multiple purposes, including functioning as default SMTP credentials and enabling various API tasks like sending messages, checking sent messages, and using the Bounce API. Account Owners and Admins can see tokens for all Servers, while Server Admins can access tokens for their assigned Servers.

A server can have up to 3 API Tokens associated with it.

The Account API Token is required for API actions that only the Account Owner and Account Admin have access to. This includes: creating new Servers and adding new Sender Signatures or Domains. The Account API Token can be found on the API Tokens page in the Account section.

SMTP Tokens

An SMTP Token is a way to authenticate SMTP sending through different Streams within Postmark, these can be used in place of the Server API Token. They can be generated within the Settings tab in each of your Outbound Streams in Postmark. The Tokens are unique to the Stream they're generated in. They are made up of two parts that are tied together:

  • The Access key acts as the username for the SMTP connection.
  • The Secret Key acts as the password for the SMTP connection. After a secret key is generated, it's not visible after the page is reloaded. If the Secret Key is lost, a new SMTP Token will need to be generated.

The Access Key and Secret Key can only be used with the other value they were generated with.

Last updated September 19th, 2023

Still need some help?

Our customer success team has your back!