DashboardCommunityGet Started

Authentication

API keys, session tokens, management tokens, and portal sessions

Nahook uses different authentication methods depending on the API you're calling.

API Keys (Ingestion)

API keys authenticate requests to the ingestion API — the endpoints you call to send events into Nahook.

Header: Authorization: Bearer nhk_...

curl -X POST https://api.nahook.com/api/ingest/ep_abc123 \
  -H "Authorization: Bearer nhk_us_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"payload": {"event": "test"}}'

Key format: nhk_{region}_{hex} — a nhk_ prefix, a two-letter region code (currently us for all keys), and 64 hex characters (e.g., nhk_us_a1b2c3d4...). Additional regions (EU, APAC) are planned.

API keys are scoped to a specific environment within a workspace. Events ingested with a staging API key are only delivered to staging endpoints. Create them in the dashboard under API Keys, selecting the target environment. The full key is only shown once at creation — store it securely.

API keys are sensitive credentials. Never commit them to version control or expose them in client-side code.

Management Tokens (Management API)

Management tokens authenticate requests to the Management API — used for programmatic provisioning of endpoints, event types, and developer portal sessions.

Header: Authorization: Bearer nhm_...

curl https://api.nahook.com/management/v1/workspaces/ws_abc/endpoints \
  -H "Authorization: Bearer nhm_YOUR_TOKEN"

Management tokens are workspace-scoped and created in the dashboard under Management Tokens. You can set expiration (30 days, 90 days, 1 year, or never).

Portal Sessions (Developer Portal)

Portal sessions authenticate requests from the Developer Portal — the embeddable UI where your customers manage their own endpoints.

Portal sessions are short-lived and created via the Management API. See Embedding the Portal for the full flow.

Rate Limits

All authenticated API requests include rate limit headers:

X-RateLimit-Limit: 50        # Requests per second (varies by plan)
X-RateLimit-Remaining: 49    # Remaining in current window
X-RateLimit-Reset: 1711843260 # Unix timestamp when window resets

When exceeded, the API returns 429 Too Many Requests:

{
  "error": "Rate limit exceeded",
  "limit": 50,
  "retryAfter": 1
}
PlanRate Limit
Hobby3 req/s
Starter5 req/s
Pro10 req/s
Enterprise100 req/s (customizable)

Quickstart

Send your first webhook event in 5 minutes

Ingestion SDKs

Official client libraries for sending webhooks with Nahook

On this page

API Keys (Ingestion)Management Tokens (Management API)Portal Sessions (Developer Portal)Rate Limits