Authorization header of every request you make. This page walks you through exactly how to do that, what the two key types mean, and how to keep your credentials safe.
Finding and Generating API Keys
API keys are created and managed in the Nomiq Dashboard under Workspace Settings → API Keys. Click Create New Key, give it a descriptive label (for example,production-backend or ci-pipeline), and copy the full key value immediately — Nomiq will only display the secret once. If you navigate away before copying, revoke the key and generate a fresh one.
You must be on an Agency or Pro billing tier to generate API keys. Free tier accounts do not have API access enabled.
Test Keys vs. Live Keys
Nomiq provides two classes of API key to keep your development and production environments fully isolated.
Use Test keys for all local development, automated testing, and CI/CD pipelines. Switch to a Live key only in your production deployment. Test key usage is completely free and does not affect your monthly quota.
Passing Your API Key in Requests
Include your API key in theAuthorization header of every HTTP request as a Bearer token. The format is always Authorization: Bearer <your_key> — note the single space between Bearer and your key value.
Storing Keys Securely
The single most important security rule is: never commit an API key to source control. Beyond that, follow these practices to keep your credentials safe across every environment. Use environment variables. Store your key in a.env file locally and in your host’s secret management system (for example, AWS Secrets Manager, Heroku Config Vars, or Vercel Environment Variables) in production. Load it into your application at runtime — never at build time.
.env
.env is listed in your .gitignore before your first commit:
Terminal
Authentication Error Codes
The table below covers every authentication-related HTTP status code you may encounter, along with its most common cause and the recommended fix.Key Rotation Workflow
If you suspect a key has been compromised, rotate it immediately using this zero-downtime procedure.1
Generate a Replacement Key
In the Nomiq Dashboard, navigate to Workspace Settings → API Keys and click Create New Key. Label it clearly (for example,
production-backend-2) and copy the value immediately.2
Deploy the New Key
Update the
NOMIQ_API_KEY environment variable in your production environment to the new key value and restart your application or trigger a redeployment. Confirm that requests are succeeding with the new key before proceeding.3
Revoke the Old Key
Return to Workspace Settings → API Keys, find the old key, and click Revoke. Any request that still carries the old key will immediately receive a
401 Unauthorized response.Next Steps
API Reference Overview
Review base URL conventions, pagination parameters, and idempotency headers used across all endpoints.
Rate Limits
Understand per-plan request limits and how to handle 429 errors gracefully in your integration.