Skip to main content
Every request to the Nxos API must include an API key. Keys are scoped to a single organization and carry full access to that organization’s resources.

Obtaining an API key

API keys are created in the Nxos dashboard. Each key is shown once at creation time — store it securely. If you lose a key, revoke it and create a new one. Keys follow the format: 
nxos_sk_live_...   # production
nxos_sk_test_...   # sandbox

Authenticating requests

Pass your API key as a Bearer token in the Authorization header: 
curl https://api.sandbox.nxos.io/v1/accounts \
  -H "Authorization: Bearer nxos_sk_test_abc123..."
Every authenticated response includes a requestId in error bodies. Quote this ID when contacting support.

Error responses

Missing or invalid keys return a 401 status: 
{
  "error": {
    "code": "invalid_api_key",
    "message": "The provided API key is invalid.",
    "requestId": "req_abc123"
  }
}
Error codeMeaning
missing_api_keyNo Authorization header, or it doesn’t start with Bearer .
invalid_api_keyThe key doesn’t exist or has been revoked.
authentication_failedKey verification failed due to a server error. Retry the request.

Security recommendations

  • Never embed API keys in client-side code. They should only be used server-to-server.
  • Use sandbox keys (nxos_sk_test_...) during development. They cannot access production resources.
  • Rotate keys periodically. You can have multiple active keys per organization.
  • Revoke compromised keys immediately from the dashboard.