Authentication
Authenticate every Public API request with an nxk_live bearer token.
Every Public API endpoint requires the `Authorization: Bearer nxk_live_...` header. This key only works for `/api/public/v1` — not the dashboard login or the session `/api/*` endpoints.
httpAuthorization: Bearer nxk_live_xxxKey prefix vs full token
The Developers page only shows the key_prefix — a short identifier like `nxk_live_AbC123…`. The FULL token appears once at creation. Sending the key_prefix as the Bearer always yields `401`. Verify a key with `GET /api/public/v1/me` (200 returns scopes).
Safe practice
- Store the token as an env var, never commit it
- Rotate tokens if leaked
- Scope tokens to what each integration needs