REST API Overview
Complete HTTP API reference for the NIN Connect — both the v1 runtime API and the dashboard management API.
Two API Surfaces
NIN Connect exposes two groups of endpoints:
Runtime API (/api/v1/*)
Used by the SDK and your application to list plugins/tools, manage end-user connections, and execute tools. Authenticated with API keys (nk_live_*).
| Endpoint | Method | Description |
|---|---|---|
/api/v1/connections/initiate | POST | Generate a hosted connect URL for end-users |
/api/v1/connections | POST | Submit credentials directly (no redirect) |
/api/v1/connections | GET | List a user's active connections |
/api/v1/connections | DELETE | Disconnect a user from a plugin |
/api/v1/plugins | GET | List active plugins |
/api/v1/tools | GET | List enabled tools |
/api/v1/tools/execute | POST | Execute a tool |
/api/v1/oauth/callback | GET | OAuth callback (internal, not called directly) |
Dashboard API (/api/dashboard/*)
Used by the dashboard UI to manage plugins, tools, auth methods, categories, API keys, connections, and logs. Authenticated with Firebase tokens (admin or developer role).
These endpoints are documented inline in the Dashboard section pages.
Authentication
API Key Auth (v1 endpoints)
All /api/v1/* endpoints require a valid API key:
Authorization: Bearer nk_live_...The withApiKey middleware validates the key by SHA-256 hashing it and comparing against stored hashes. On success, the developer ID is injected into the handler context.
Firebase Auth (dashboard endpoints)
Dashboard endpoints use Firebase token verification:
- Admin routes (
requireAdmin) — plugins, tools, auth methods, categories - Developer routes (
authenticateDeveloper) — API keys, connections, logs
Error Responses
All endpoints return errors in a consistent format:
{
"error": "Description of the error"
}For validation errors (Zod):
{
"error": "Validation failed",
"details": {
"fieldErrors": { "slug": ["Required"] },
"formErrors": []
}
}