# Project API tokens

Project API tokens authenticate the Sending API and SMTP relay. They start with `lm_` and are scoped to one project.

:::info
Project API tokens are different from Team API tokens. Project API tokens send email for one project with `x-lettermint-token` or SMTP authentication. Team API tokens start with `lm_team_` and manage resources through `Authorization: Bearer`.
:::

Each project can have multiple Project API tokens. Create separate tokens for production, staging, CI, and each integration so you can rotate or revoke one token without interrupting everything else.

## Create a token

<Stepper>

1. Open the Lettermint dashboard.
2. Go to **Projects** and select your project.
3. Open **API Tokens**.
4. Click **Create token**.
5. Enter a descriptive name, such as `Production API`, `Staging worker`, or `Magento store`.
6. Copy the token immediately and store it as `LETTERMINT_PROJECT_TOKEN`.

</Stepper>

<Frame>
    <img src="/docs/images/api-token-created.png" alt="Project API token when created in the Lettermint dashboard" />
</Frame>

:::warning
The full token is shown only once. If you lose it, regenerate that token or create a new one.
:::

## Manage tokens

The token list shows each token's name, when it was last changed, when it was last used, and the last IP address that used it.

Use the token actions menu to regenerate, revoke, or inspect token logs.

## Regenerate or revoke

- **Regenerate** a token if it may be exposed. The old token stops working immediately.
- **Revoke** tokens that are no longer used.
- **Create a new token before rotating production traffic** when you need a zero-downtime credential change.

## Best practices

- Use one token per integration or environment.
- Store tokens in a secrets manager or environment variable.
- Never commit tokens to source control or expose them in client-side code.
- Name tokens by owner and purpose, such as `billing-service production`.
- Review last-used metadata regularly and remove inactive tokens.

## Use a Project API token

```bash title="cURL"
curl -X POST "https://api.lettermint.co/v1/send" \
  -H "Content-Type: application/json" \
  -H "x-lettermint-token: $LETTERMINT_PROJECT_TOKEN" \
  -d '{
    "from": "You <you@example.com>",
    "to": ["recipient@example.com"],
    "subject": "Hello",
    "text": "Sent with a Project API token."
  }'
```

<OpenPlaygroundButton
  server="https://api.lettermint.co/v1"
  url="/send"
  method="POST"
  headers={[{ name: "x-lettermint-token", defaultValue: "lm_your_project_token" }]}
  body={JSON.stringify({
    from: "You <you@example.com>",
    to: ["recipient@example.com"],
    subject: "Hello",
    text: "Sent with a Project API token.",
  })}
>
  Try the send endpoint
</OpenPlaygroundButton>

## Next steps

- [Quickstart](/quickstart) - Send your first email
- [SMTP guide](/guides/send-email-with-smtp) - Use the same token with SMTP
- [Team API tokens](/platform/teams/api-tokens) - Manage team-level API access