Skip to main content

Authentication

Nexio uses API key authentication for all programmatic access to the API. Keys are created and managed in the Nexio dashboard.

API Key Header

Include your API key in the X-API-Key header on every request: 
curl https://api.usenexio.com/api/v1/jobs \
  -H "X-API-Key: nx_live_YOUR_KEY"
Never include API keys in client-side code, browser JavaScript, or public repositories. API keys have full access to your organization’s resources and are billed accordingly.

Key Types

PrefixEnvironmentBillingNotes
nx_live_ProductionBilledFull access, real data
nx_test_SandboxNot billedSame endpoints, test data only
Use nx_test_ keys during development and testing. Switch to nx_live_ when you go to production.

Creating API Keys

  1. Sign in to platform.usenexio.com
  2. Go to Settings → API Keys
  3. Click Create Key
  4. Give the key a descriptive name (e.g., production-backend, ci-testing)
  5. Copy the key value — it is shown only once
If you lose a key, revoke it immediately and create a new one. Nexio cannot recover or re-display key values after creation.

Revoking Keys

To revoke a key:
  1. Go to Settings → API Keys in the dashboard
  2. Find the key and click Revoke
Revoked keys are invalidated immediately. Any requests using a revoked key will receive a 401 Unauthorized response.

Dashboard Authentication

The Nexio dashboard uses a separate session-based authentication system (WorkOS). Dashboard access does not grant API access and vice versa. To use the API programmatically, you always need an API key — not dashboard credentials.

Error Responses

If your key is missing, invalid, or revoked, the API returns: 
{
  "error": {
    "code": "unauthorized",
    "message": "Invalid or missing API key"
  }
}
with HTTP status 401 Unauthorized. If your key is valid but doesn’t have access to a specific resource, you’ll receive: 
{
  "error": {
    "code": "forbidden",
    "message": "Access denied"
  }
}
with HTTP status 403 Forbidden.