Authentication
The Nexgent Public API uses API key-based authentication to authenticate and authorize API requests. Every request you make must include a valid API key in the request headers.
All API requests must be made over HTTPS. Requests without authentication, or using invalid credentials, will return a 401 Unauthorized error.
Using Your API Key
Include your API key in the Authorization header using the Bearer schema in every API request:
Authorization: Bearer {api_key}
Replace {api_key} with your actual API key value.
Example:
Authorization: Bearer zpka_xxx123exampleapikey
Generating API Keys
You can generate and manage your API keys in the Integrations section of the Nexgent Portal under Agent Configuration.
- Each user can create up to 10 active API keys.
- API keys can be created, deactivated, or rotated at any time through the portal.
- API keys are secret — ensure they are stored securely and never exposed publicly (e.g., in client-side code or public repositories).
Key Scope and Quotas
- Quotas are tied to your user account, not individual API keys.
- All API keys for a user share the same quota and rate limits.
- This allows you to manage multiple integrations securely while ensuring consistent quota enforcement.
Example: If you have 3 API keys, all API traffic from those keys counts toward your monthly and rate limit quotas.
API Key Security Best Practices
- Keep your API keys secure and private.
- Rotate your API keys periodically.
- Delete any unused or compromised API keys immediately.
- Use separate API keys for different environments (e.g., production vs. staging).
Error Handling
If authentication fails, the API will return a 401 Unauthorized error.
Example error response:
{
"error": {
"message": "Invalid API Key provided.",
"type": "authentication_error"
}
}
Ensure that your API key is included correctly in the Authorization header, and that it is active and valid.
Summary
| Requirement | Details |
|---|---|
| Authentication | API Key via Authorization: Bearer {api_key} header |
| API Key Limit | Up to 10 active API keys per user |
| Quota Enforcement | Quotas are linked to the user, not to individual keys |
| Rotation | API keys can be created, revoked, and rotated anytime |
More Information
For additional help with API keys, quotas, or security best practices, contact Nexgent support.