Skip to main content
Every request to the Nxos API must include an API key. Keys are scoped to a single organization and carry full access to that organization’s resources.

Obtaining an API key

API keys are created in the Nxos dashboard. Each key is shown once at creation time — store it securely. If you lose a key, revoke it and create a new one. Keys follow the format:

Authenticating requests

Pass your API key as a Bearer token in the Authorization header:
Every authenticated response includes a requestId in error bodies. Quote this ID when contacting support.

Error responses

Missing or invalid keys return a 401 status:
Error codeMeaning
missing_api_keyNo Authorization header, or it doesn’t start with Bearer .
invalid_api_keyThe key doesn’t exist or has been revoked.
authentication_failedKey verification failed due to a server error. Retry the request.

Security recommendations

  • Never embed API keys in client-side code. They should only be used server-to-server.
  • Use sandbox keys (nxos_sk_test_...) during development. They cannot access production resources.
  • Rotate keys periodically. You can have multiple active keys per organization.
  • Revoke compromised keys immediately from the dashboard.