Skip to main content
NestAPI uses API keys. Every request must include your key in the Authorization header as a Bearer token:
Authorization: Bearer YOUR_API_KEY

Getting a key

You can obtain keys in two ways:
  • Dashboard — create and manage keys from your NestAPI account.
  • API — if you hold an Admin-class key, manage keys programmatically via the account endpoints.

Sign up for a trial

New to NestAPI? Start a trial to get a key.

Making an authenticated request

curl https://dev.api.nestapi.com/auth/validate \
  -H "Authorization: Bearer YOUR_API_KEY"
GET /auth/validate confirms the key is active and returns basic identity info (Valid, UserId) — a quick way to check a key works.

Verifying a key

Two account endpoints help you check a key’s state:
EndpointPurpose
GET /auth/validateConfirms the key is active and returns basic identity info.
GET /apiKey/validUntilReturns the key’s expiry date (or 31/12/9999 if it never expires).

Key classes

ClassCan do
UsageSubmit nesting and importer requests. The default.
AdminEverything a Usage key can, plus manage browser origins and fairness settings.

Security

Treat API keys like passwords. Never embed them in client-side code or commit them to source control. For browser-based apps, restrict a key to specific origins with the allowed-origins endpoints and keep long-lived keys server-side.
  • Rotate keys periodically, and set an expiry for time-boxed integrations.
  • Disable a compromised key immediately.
Key creation, rotation, and disabling are done from your NestAPI dashboard — see API keys.