Skip to main content

Authentication

NexaLayer supports two authentication modes. API Key is recommended for AI Agents — no token lifecycle to manage. Send the API key on every request. No token exchange or refresh.
HeaderValue
X-API-KeyYour api_key (e.g. ak_a1b2c3d4e5f6g7h8)
curl -X GET "https://api.nexalayer.net/v1/account/info" \
  -H "X-API-Key: ak_xxxxxxxxxxxxxxxx"
  • Use for all server-side and agent workloads.
  • Key is long-lived until you rotate it; no expiry handling needed.

Mode 2: JWT Token (optional)

Exchange api_key + api_secret for a short-lived Bearer token. Use when you need token expiry semantics (e.g. web console).

Obtain token

curl -X POST "https://api.nexalayer.net/v1/auth/token" \
  -H "Content-Type: application/json" \
  -d '{
    "api_key": "ak_xxxxxxxxxxxxxxxx",
    "api_secret": "sk_xxxxxxxxxxxxxxxx"
  }'

Use token

HeaderValue
AuthorizationBearer <access_token>

Refresh token

Before expiry, call: 
curl -X POST "https://api.nexalayer.net/v1/auth/refresh" \
  -H "Authorization: Bearer <current_token>"

Comparison

API KeyJWT
SetupOne headerToken exchange + refresh
LifetimeLong-livedShort (e.g. 1 hour)
Best forAgents, scripts, backendWeb console, high-security flows

Security

  • Store api_key and api_secret in environment variables or a secret manager; do not commit them.
  • Use HTTPS for all requests.
  • Rotate secret via POST /account/rotate-secret if compromised; API Key mode is unaffected.
Next: Accounts (register, info, rotate-secret).