IDEN
Wacommerce

Authentication

Authenticate every Public API request with an nxk_live bearer token.

Every Public API endpoint requires the `Authorization: Bearer nxk_live_...` header. This key only works for `/api/public/v1` — not the dashboard login or the session `/api/*` endpoints.

httpAuthorization: Bearer nxk_live_xxx

Key prefix vs full token

The Developers page only shows the key_prefix — a short identifier like `nxk_live_AbC123…`. The FULL token appears once at creation. Sending the key_prefix as the Bearer always yields `401`. Verify a key with `GET /api/public/v1/me` (200 returns scopes).

Safe practice

  • Store the token as an env var, never commit it
  • Rotate tokens if leaked
  • Scope tokens to what each integration needs