API keys
Every request to the NextKS API must include an API key in the X-API-Key header. Keys are scoped to your organization (tenant) and tied to the user who created them.
curl -X POST https://app.nextks.com/api/notify \
-H "X-API-Key: nks_abc123..." \
-H "Content-Type: application/json" \
-d '{ ... }'
Creating a key
- Sign in to the NextKS dashboard at app.nextks.com
- Go to Account
- Under API Keys, click Create Key
- Give the key a descriptive label (e.g., “CI/CD Pipeline”, “Monitoring Alerts”)
- Copy the key immediately — it is shown only once
API keys are hashed before storage. If you lose a key, you must create a new one.
Key properties
| Property | Description |
|---|
label | A human-readable name you choose |
prefix | The first 8 characters, shown in the dashboard for identification |
created_by | The user who generated the key |
last_used_at | Timestamp of the most recent API call using this key |
Error responses
| Status | Meaning |
|---|
401 | Missing or invalid API key |
429 | Rate limit exceeded — see Rate Limits |
{
"status": "error",
"details": "Invalid API key"
}
Security notes
- Keys are transmitted over HTTPS only
- Each key is SHA-256 hashed before storage — NextKS never stores plaintext keys
- Admin users can view and revoke any key in the organization via Admin Settings
- Rotate keys regularly and revoke any that may have been exposed
