Authentication
The Local eSIM Partner API uses bearer-token authentication.
Using your API key
Include your API key in the Authorization header of every request:
Authorization: Bearer YOUR_SECRET_TOKEN
Your key is a 32-character random string drawn from the base64url alphabet:
the letters A–Z and a–z, the digits 0–9, and the two symbols
_ and -. Keys contain no spaces, no other special characters, and no
scheme prefix — what you receive at onboarding is the whole secret.
If a value you've been sent doesn't match that shape, it isn't a valid Local eSIM API key.
Where keys come from
Keys are issued by Local eSIM directly. Your point of contact at Local eSIM will send you the key over a secure channel during onboarding.
Keys are shown only once at the moment of creation. If you lose your key, contact Local eSIM and they can issue a new one (which invalidates the old one).
Example request
curl -X POST https://api.local-esim.com/v1/customers \
-H "Authorization: Bearer YOUR_SECRET_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"email": "customer@example.com",
"tags": ["your_partner_tag"]
}'
Key rotation
If you suspect your key has been compromised — or as a periodic security practice — contact Local eSIM to rotate it. Local eSIM can either:
- Recycle the key, which generates a new secret under the same label. The old secret stops working immediately.
- Revoke the key, which permanently disables it without issuing a replacement.
Either action takes effect instantly. There is no grace period.
What if my key doesn't work?
If you receive a 401 Unauthorized response, check that:
- The
Authorizationheader is present and spelled correctly. - The format is exactly
Bearerfollowed by your key (note the space afterBearer). - You're using the production key — not a test or expired key.
- The key hasn't been recycled or revoked. If in doubt, contact Local eSIM.
For security reasons, the API does not distinguish between "key not found", "key revoked", and "feature not enabled" — all return the same generic 401 response.