Skip to content

Authentication

Nimbus uses API keys to authenticate requests. Every request must include an Authorization header.

curl https://api.nimbus.example.com/v1/buckets \
  -H "Authorization: Bearer YOUR_API_KEY" # (1)!
  1. Replace YOUR_API_KEY with a key from the dashboard.

Keep your key secret

Never commit API keys to source control or expose them in client-side code. Use environment variables or a secrets manager instead.

Key types

Key type Scope Use case
live Full read/write on production Server-side production code
test Full read/write on a sandbox CI and local development
readonly Read-only on production Analytics, dashboards

Rotating keys

nimbus keys rotate --id key_123
What happens to the old key?

The previous key remains valid for 24 hours to allow a graceful rollover, then it's automatically revoked.