
Authentication

The Nedzo API uses Bearer token authentication. All API requests must include your API key in the Authorization header.

API Keys

API keys are created in the Nedzo dashboard and can be scoped to:
  • Account-level: Access all workspaces in your account
  • Workspace-level: Access only a specific workspace

Making Authenticated Requests

Include your API key in the Authorization header:
curl https://api.nedzo.ai/v1/workspaces \
  -H "Authorization: Bearer sk_live_xxxxxxxxxxxxxxxx"

API Key Format

Nedzo API keys follow this format:
| Environment | Format    | Example           |
|-------------|-----------|-------------------|
| Production  | sk_live_* | sk_live_abc123... |
| Test        | sk_test_* | sk_test_xyz789... |

Error Responses

If authentication fails, you’ll receive a 401 Unauthorized response:
{
  "type": "https://api.nedzo.ai/errors/unauthorized",
  "title": "Unauthorized",
  "status": 401,
  "detail": "Invalid or missing API key"
}

Security Best Practices

  • API keys should only be used in server-side code. Never include them in JavaScript that runs in browsers or mobile apps.
  • Store API keys in environment variables, not in your codebase.
    export NEDZO_API_KEY=sk_live_xxxxxxxx
  • Periodically rotate your API keys, especially if you suspect they may have been compromised.
  • When possible, use workspace-scoped keys to limit the blast radius if a key is compromised.

Rate Limits

API requests are rate-limited to ensure fair usage:
| Plan       | Requests per minute |
|------------|---------------------|
| Free       | 60                  |
| Pro        | 300                 |
| Enterprise | Custom              |
When rate limited, you’ll receive a 429 Too Many Requests response with a Retry-After header.
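
The sketch below is an added example, not Nedzo's own client code. It is a server-side wrapper that reads the key from NEDZO_API_KEY, checks the documented prefix, fails fast on the 401 body shown under Error Responses, and honors Retry-After on a 429. The function names, the allow_live switch, the retry cap, and the assumption that Retry-After carries a number of seconds are all hypothetical.

```python
import json
import os
import time
import urllib.error
import urllib.request

API_BASE = "https://api.nedzo.ai/v1"  # base URL taken from the curl example


def load_key(env=os.environ, allow_live=True):
    """Read the key from the environment and check the documented prefix."""
    key = env.get("NEDZO_API_KEY", "")
    if not key.startswith(("sk_live_", "sk_test_")):
        raise ValueError("NEDZO_API_KEY is missing or has an unexpected prefix")
    if key.startswith("sk_live_") and not allow_live:  # hypothetical guard for CI/dev
        raise ValueError("refusing to use a production key in this context")
    return key


def retry_delay(headers, default=1.0, cap=60.0):
    """Seconds to wait, from Retry-After (assumed delta-seconds), clamped to cap."""
    try:
        return min(max(float(headers.get("Retry-After", default)), 0.0), cap)
    except ValueError:  # e.g. an HTTP-date value; fall back to the default
        return default


def http_send(req):
    """Real transport: returns (status, headers, body) without raising on 4xx/5xx."""
    try:
        with urllib.request.urlopen(req, timeout=10) as r:
            return r.status, r.headers, r.read()
    except urllib.error.HTTPError as e:
        return e.code, e.headers, e.read()


def get(path, key, send=http_send, sleep=time.sleep, max_tries=3):
    """GET with Bearer auth; fail fast on 401, back off and retry on 429."""
    req = urllib.request.Request(API_BASE + path,
                                 headers={"Authorization": "Bearer " + key})
    for _ in range(max_tries):
        status, headers, body = send(req)
        if status == 401:
            # Surface only the server's problem detail; never log or echo the key.
            raise PermissionError(json.loads(body).get("detail", "unauthorized"))
        if status != 429:
            return status, body  # raw bytes; the caller decodes the JSON
        sleep(retry_delay(headers))
    raise RuntimeError("still rate limited after %d attempts" % max_tries)
```

The send and sleep parameters exist so the retry logic can be exercised with a stub transport; production callers use the defaults.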