Bearer keys, prefixed ULIDs, cursor pagination, idempotency on every mutation, signed webhooks. Learn it once for SK Notifications; it holds across all of Softknack.
Sends are idempotent and audited; channel fallback order is policy, not code. Submit a message with a channel strategy and the spine handles providers, breakers, retries and the audit trail.
Get a test key, make one authenticated call, and listen for the webhook. The same three moves work for every endpoint in the suite.
Test and live keys are separate environments. Build against sk_test_ without touching a real customer.
One authenticated POST with an idempotency key. Same key + same body always returns the same result.
A signed message.created event hits your endpoint — verify the HMAC, act on it, return 200.
curl -X POST https://api.softknack.com/notifications/v1/messages \ -H "Authorization: Bearer sk_live_..." \ -H "Idempotency-Key: 9f2c-4d1a-...-e7b3" \ -H "Content-Type: application/json" \ -d '{ "contact_id": "ctc_01J9X...", "template": "appt_reminder", "channels": ["whatsapp", "sms"], "vars": { "time": "5:00 PM" } }'
Signed with HMAC-SHA256, delivered at-least-once, retried on a fixed schedule, and replayable from a dead-letter queue. You will never miss an event because a deploy was mid-flight.
| Event | When it fires |
|---|---|
message.sent | Accepted by the provider — id, channel, template. |
message.delivered | Confirmed where the channel supports receipts. |
message.failed | Final failure after fallbacks — with the why. |
provider.circuit_opened | A provider is misbehaving; traffic rerouted. |
quota.threshold | Approaching a tenant limit. |
message.replied | Inbound reply on a two-way channel. |
The platform conventions every SK product obeys — learn them once, rely on them everywhere.
Every mutation takes an Idempotency-Key. Same key + body returns the original result; a conflicting body gets 409.
Sortable, debuggable IDs like msg_01J9X... — you can read the type and the time right off the wire.
Stable cursors that never skip or repeat a row when data changes mid-list. No page-offset drift.
Isolation enforced in the database. 404-over-403, so the existence of another tenant's record never leaks.
HMAC-SHA256 on every delivery, with the full retry schedule and dead-letter replay above.
The OpenAPI spec is generated from the code's validators and checked in CI — the docs can't lie.
Send through one API and let the spine pick channels, fall back on failure, enforce quotas and write the audit. Every other SK product sends through this exact surface — and you can too, inheriting the same resilience instead of orchestrating providers yourself.
A single POST with a template and a channel list sends it — with automatic fallback, a delivery receipt, and an audit record, no provider plumbing on your side.
Auth, errors, pagination, every endpoint and schema — written once for the platform, shared by every product.
docs.softknack.com/notifications See pricing →