Authentication
The REST API uses API keys for authentication. Each key is scoped to your team and provides access to all of your team’s process templates and instances.
Creating an API Key
1. Go to the API settings page
   Navigate to Manage > API in the sidebar menu.
2. Click “Create Key”
   Give your key a descriptive name (e.g., “Zapier Integration” or “Internal Dashboard”).
3. Copy the key immediately
   Your full API key is only shown once at creation time. It starts with nxs_live_ and looks like:

   nxs_live_d9f6c9b30d6fffa4f419a035960c6af0

Store your API key securely. If you lose it, you’ll need to create a new one.
Using Your API Key
Include the key in the Authorization header of every request:
curl -H "Authorization: Bearer nxs_live_your_key_here" \
  https://getnextstep.io/api/v1/process-templates

Error Responses
| Status | Code | Meaning |
|---|---|---|
| 401 | unauthorized | Missing, invalid, or revoked API key |
| 403 | forbidden | Subscription expired or insufficient permissions |
| 429 | rate_limited | Too many requests (wait and retry) |
Example error:
{
  "error": {
    "code": "unauthorized",
    "message": "Invalid or revoked API key"
  }
}

Revoking a Key
Go to Manage > API, find the key in the list, and click the trash icon. Revoked keys immediately stop working for all requests.
Security Best Practices
- Never commit API keys to source control
- Use environment variables to store keys in your application
- Create separate keys for different integrations so you can revoke them independently
- Rotate keys periodically if they may have been exposed
API keys can only be created and managed by team admins and owners.
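
One way to enforce the "never commit API keys" practice is a pre-commit or CI check that flags key-shaped strings before they reach the repository. This is an added example, not code from the vendor; it assumes every key is nxs_live_ followed by 32 lowercase hex characters (inferred from the one sample key on this page), and the sample key and the NEXTSTEP_API_KEY variable name are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Assumption: a key is "nxs_live_" + 32 lowercase hex characters, inferred
# from the single sample key in the docs. Adjust if real keys differ.
KEY_RE = re.compile(r"nxs_live_[0-9a-f]{32}")


def redact(key):
    """Keep only the prefix and last 4 characters, so a finding can be
    matched to a key in Manage > API without re-leaking it into CI logs."""
    return "nxs_live_..." + key[-4:]


def find_keys(text):
    """Return (line_number, redacted_key) for each key-shaped string."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in KEY_RE.finditer(line):
            hits.append((lineno, redact(match.group())))
    return hits


def scan_files(paths):
    """Scan files and return (path, line_number, redacted_key) findings.
    Unreadable paths are skipped; undecodable bytes are ignored."""
    findings = []
    for path in paths:
        try:
            text = Path(path).read_text(encoding="utf-8", errors="ignore")
        except OSError:
            continue
        findings.extend((str(path), n, k) for n, k in find_keys(text))
    return findings


# Constructed sample: a hard-coded (made-up) key, the env-var lookup the
# docs recommend, and the docs' placeholder, which must not be flagged.
SAMPLE = '''API_KEY = "nxs_live_0123456789abcdef0123456789abcdef"
api_key = os.environ["NEXTSTEP_API_KEY"]  # hypothetical variable name
curl -H "Authorization: Bearer nxs_live_your_key_here"
'''

if __name__ == "__main__":
    # Hook usage: pass the staged file names; a non-zero exit blocks the commit.
    # With no arguments, the constructed sample is scanned as a demo.
    args = sys.argv[1:]
    found = scan_files(args) if args else [("<sample>", n, k) for n, k in find_keys(SAMPLE)]
    for path, lineno, key in found:
        print(f"{path}:{lineno}: possible API key {key}")
    sys.exit(1 if args and found else 0)
```

A key flagged here should be treated as exposed: revoke it in Manage > API and create a replacement, since removing it from the working tree does not remove it from history.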