API keys
Every request to the NextKS API must include an API key in the X-API-Key header.
curl -X POST https://app.nextks.com/api/notify \
-H "X-API-Key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{ ... }'
Creating a key
- Sign in at app.nextks.com
- Open the Account page from the sidebar
- Under Personal API Keys, click Generate New Key
- Enter a descriptive label (e.g., “CI/CD Pipeline”, “Monitoring Alerts”)
- Copy the key from the dialog immediately — it is shown only once
API keys are SHA-256 hashed before storage. If you lose a key, you must generate a new one.
Key dashboard
Your keys (Account page)
Every user can create and revoke their own keys from the Account page. The table shows:
| Column | Description |
|---|
| Key prefix | First characters, for identification |
| Created | When the key was generated |
| Last used | Timestamp of the most recent API call |
Organization overview (Admin Settings)
Organization admins can see all API keys created by any user in Admin Settings. This view includes the key owner’s name and email. Admins can search and revoke any key.
Error responses
| Status | Meaning |
|---|
401 | Missing or invalid API key |
429 | Rate limit exceeded — see Rate Limits |
{
"status": "error",
"details": "Invalid API key"
}
Security notes
- Keys are transmitted over HTTPS only
- Each key is SHA-256 hashed before storage — NextKS never stores plaintext keys
- Revoking a key is immediate and cannot be undone
- Rotate keys regularly and revoke any that may have been exposed
