Skip to main content
Every request to the mycpaas API must be authenticated using HTTP Basic Auth. You identify yourself with two credentials: an Account SID and an Auth Token. Both are available at Credentials.

Your credentials

Account SID is a unique identifier for your mycpaas account. It always starts with the prefix AC and is safe to include in logs and application configuration — it is not secret on its own. Auth Token is the secret key paired with your Account SID. It acts as a password: anyone who has it can make API requests on your behalf. Rotate it from the Dashboard if you ever suspect it has been exposed.
Never commit your Auth Token to source control, include it in client-side code, or share it in logs or error messages. Treat it with the same care as a database password.

Where to find them

  1. eGet you credentials at Credentials.

Passing credentials

The simplest way to authenticate is with curl’s -u flag. Pass your Account SID and Auth Token separated by a colon:
curl -X POST https://developer.mycpaas.io/api/laml/2010-04-01/Accounts/ACxxx/Messages.json \
  -u ACxxx:AUTH_TOKEN \
  -d "To=+491234567890" \
  -d "From=+491098765432" \
  -d "Body=Hello from mycpaas"
curl automatically Base64-encodes the credentials and adds the Authorization header for you.

HTTP 401 errors

A 401 Unauthorized response means the API could not authenticate your request. The table below covers the most common causes and how to fix them.
CauseHow to fix
Wrong Account SIDConfirm the SID starts with AC and matches what’s shown in the Dashboard
Wrong Auth TokenRe-copy the Auth Token from the Dashboard; make sure there are no extra spaces
Credentials not encoded correctlyIf constructing the header manually, verify the Base64 encoding includes the colon separator between SID and token
Auth Token recently rotatedUpdate your application or environment variables with the new token
Using another provider’s credentialsmycpaas credentials are separate from Twilio and SignalWire — generate new credentials from the Dashboard