Authentication

The Nudg3 API uses API keys to authenticate requests. All API requests must include a valid API key in the request headers.

API Key Format

Nudg3 API keys follow a specific format:

nudg3_[env]_ak_[key_id]_[random_chars]

Part	Description
`nudg3`	Prefix identifier (always present)
`[env]`	Environment: `live` for production, `test` for sandbox
`ak`	API key type identifier
`[key_id]`	8-character unique key identifier
`[random_chars]`	32-character cryptographically secure random string

Example Key

nudg3_live_ak_a1b2c3d4_xYz9AbCdEf...

The key format allows Nudg3 to quickly identify invalid keys without database lookups, reducing latency for error responses.

Using Your API Key

Include your API key in the Authorization header using the Bearer scheme:

curl https://api.nudg3.ai/api/v1/dashboard \
  -H "Authorization: Bearer nudg3_live_ak_your_key"

Alternatively, you can use the X-API-Key header:

curl https://api.nudg3.ai/api/v1/dashboard \
  -H "X-API-Key: nudg3_live_ak_your_key"

The Authorization: Bearer method is recommended as it follows OAuth 2.0 conventions.

Creating API Keys

Log in to your Nudg3 Dashboard
Go to Settings > API Keys
Click Create New Key
Configure your key:
- Name: A descriptive name for the key
- Scopes: Permissions for the key (see below)
- IP Allowlist (optional): Restrict key usage to specific IPs
Click Create and copy your key

API keys are only shown once at creation. Store them securely!

Scopes and Tiers

API keys have scoped permissions organized into two tiers:

API Tiers

Tier	Scopes	Description
Basic (Tier 1)	`read:analytics`	Core analytics access
Premium (Tier 2)	`read:analytics` + `export:data`	Analytics + data exports

Available Scopes

Scope	Description	Endpoints
`read:analytics`	Read analytics data	`/dashboard`, `/brands`, `/prompts`, `/sources`, `/urls`, `/responses`, `/aio-metrics`, `/filters`
`export:data`	Export data to CSV/TSV	`/exports/*`

Export endpoints require both read:analytics and export:data scopes. A key with only read:analytics cannot access export endpoints.

Checking Key Scopes

The API returns your key's scopes in the rate limit response headers:

X-API-Scopes: read:analytics,export:data
X-API-Tier: premium

Security Best Practices

Environment Variables

Store API keys in environment variables, not in code:

# .env file
NUDG3_API_KEY=nudg3_live_ak_your_key

// Access in code
const apiKey = process.env.NUDG3_API_KEY;

Key Rotation

Regularly rotate your API keys:

Create a new key with the same scopes
Update your applications to use the new key
Verify everything works
Revoke the old key

IP Allowlisting

For production keys, restrict usage to known IP addresses:

Go to Settings > API Keys
Edit your key
Add allowed IP addresses or CIDR ranges
Save changes

Never Expose Keys

Don't commit keys to version control
Don't include keys in client-side JavaScript
Don't share keys in public forums or documentation
Do use environment variables
Do use server-side code to make API calls

Revoking Keys

If a key is compromised:

Go to Settings > API Keys
Find the compromised key
Click Revoke
Create a new key
Update your applications

Revoked keys are immediately invalidated. All requests using that key will fail with a 401 error.

Error Responses

Authentication errors return specific error codes:

HTTP Code	Error	Description
401	`invalid_api_key`	API key is invalid or malformed
401	`expired_api_key`	API key has been revoked
403	`insufficient_scope`	Key lacks required scope
403	`ip_not_allowed`	Request from non-allowlisted IP

Example error response:

{
  "error": {
    "code": "invalid_api_key",
    "message": "The provided API key is invalid",
    "hint": "Check that you're using the correct key format"
  }
}

Next Steps

Rate Limits

Understand rate limiting policies

API Reference

Explore available endpoints

Error Handling

Handle authentication errors

Authentication

Rate Limits

API Reference

Error Handling

On this page