NIN Connect Docs
Platform (Self-Host)Dashboard

API Keys

Generate and manage developer API keys (nk_live_*) used to authenticate SDK and REST API calls.

How API Keys Work

Every SDK and /api/v1/* REST call requires a valid API key in the Authorization header:

Authorization: Bearer nk_live_...

Security Model

  • Keys are generated with a nk_live_ prefix followed by 24 random bytes (base64url)
  • Only the SHA-256 hash of the key is stored in the database
  • The raw key is shown once at creation time — copy it immediately
  • Keys are validated by hashing the incoming key and comparing against stored hashes
  • Each key tracks lastUsedAt for audit purposes

Creating a Key

  1. Go to API Keys in the sidebar
  2. Click Create Key
  3. Optionally add a label (e.g. "Production", "Development")
  4. Copy the raw key from the dialog — it will not be shown again

Revoking a Key

Click Revoke next to any key in the list. This permanently deletes the key hash from the database. Any SDK clients using that key will immediately start receiving 401 errors.

API Endpoints

MethodPathDescription
GET/api/dashboard/api-keysList keys (prefix, label, dates — never the hash)
POST/api/dashboard/api-keysCreate a key (returns raw key once)
DELETE/api/dashboard/api-keys?id=...Revoke a key

These endpoints require developer authentication (Firebase token).

On this page