Platform (Self-Host)Dashboard
API Keys
Generate and manage developer API keys (nk_live_*) used to authenticate SDK and REST API calls.
How API Keys Work
Every SDK and /api/v1/* REST call requires a valid API key in the Authorization header:
Authorization: Bearer nk_live_...Security Model
- Keys are generated with a
nk_live_prefix followed by 24 random bytes (base64url) - Only the SHA-256 hash of the key is stored in the database
- The raw key is shown once at creation time — copy it immediately
- Keys are validated by hashing the incoming key and comparing against stored hashes
- Each key tracks
lastUsedAtfor audit purposes
Creating a Key
- Go to API Keys in the sidebar
- Click Create Key
- Optionally add a label (e.g. "Production", "Development")
- Copy the raw key from the dialog — it will not be shown again
Revoking a Key
Click Revoke next to any key in the list. This permanently deletes the key hash from the database. Any SDK clients using that key will immediately start receiving 401 errors.
API Endpoints
| Method | Path | Description |
|---|---|---|
GET | /api/dashboard/api-keys | List keys (prefix, label, dates — never the hash) |
POST | /api/dashboard/api-keys | Create a key (returns raw key once) |
DELETE | /api/dashboard/api-keys?id=... | Revoke a key |
These endpoints require developer authentication (Firebase token).