Server-to-Server API Token Setup¶

Step 1: Generate Token¶

python3 -c "import secrets; print(secrets.token_hex(32))"

Step 2: Add to Messages .env¶

DJANGO_SERVER_TO_SERVER_API_TOKENS=<generated-token>

The DJANGO_ prefix is required by django-configurations. Without it, the setting defaults to an empty list [].

Step 3: Restart Messages Backend¶

docker compose up -d backend

Step 4: Create API Channel¶

Run this in the Messages backend Django shell:

from core.models import Channel
import hashlib

api_key = "<generated-token>"
key_hash = hashlib.sha256(api_key.encode('utf-8')).hexdigest()

channel = Channel.objects.create(
    name='calendars',
    type='api_key',
    scope_level='global'
)

channel.encrypted_settings = {'api_key_hashes': [key_hash]}
channel.settings = {'scopes': ['messages:send', 'mailboxes:read']}
channel.save()

print(f"Channel ID: {channel.id}")

Save the channel ID — it's needed in the Calendars .env.

Step 5: Verify Authentication¶

Test with curl:

curl -s -o /dev/null -w "%{http_code}" \
  -H "X-API-Key: <token>" \
  -H "X-Channel-Id: <channel-id>" \
  "https://api.messages.<domain>/api/v1.0/provisioning/mailboxes/?user_email=<user-email>"

Expected: 200 (returns mailbox data)

If 401: token or channel ID mismatched If 403: channel missing mailboxes:read scope

Available Scopes¶

Scope Value	Description
`metrics:read`	Read usage metrics
`mailboxes:read`	Read mailboxes and their users/roles
`messages:send`	Send outbound messages via `/api/v1.0/submit/`
`maildomains:create`	Create new mail domains

The Calendars integration needs mailboxes:read + messages:send.