API Reference
Authentication
API key types and how to authenticate requests
Two key types:
| Key Type | Prefix | Use | Example |
|---|---|---|---|
| Publishable | pk_ | Client-side (React SDK, browsers) | pk_live_abc123... |
| Secret | sk_ | Server-side only (Node/Python SDKs, cURL) | sk_live_xyz789... |
Authentication: All authenticated endpoints require a Bearer token in the Authorization header:
Authorization: Bearer sk_live_your_secret_key
Key scoping:
- Publishable keys (pk_) can access: can, plans, checkout, billing status, subscriptions, invoices, credits, ws-token
- Secret keys (sk_) can access everything above PLUS: subscribe, cost-models, admin/reload, margin/* endpoints
Public endpoints (no key required):
- POST /api/v1/auth/send-otp
- POST /api/v1/auth/verify-otp
- POST /api/v1/auth/signup
Getting your keys: Sign in at app.nozle.app -> Settings -> API Keys.
Important: Never expose secret keys in client-side code. Use publishable keys for the React SDK and secret keys only on your server.
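The key scoping list and the rule against shipping secret keys to the client, as a check you could run in CI over a built bundle. This is an added example, not code from Nozle or its SDKs. The function names, the sample bundle, and the regex for the part of the key after the `sk_` prefix are assumptions; the endpoint names are the ones listed on this page, not URL paths.

```javascript
// Added example, not Nozle SDK code. Scope lists are copied from this page;
// the key-body regex is an assumption (the page only documents the prefixes).
const PUBLISHABLE_SCOPE = new Set([
  "can", "plans", "checkout", "billing status", "subscriptions",
  "invoices", "credits", "ws-token",
]);
// A trailing "/" marks a prefix match, mirroring the page's "margin/*".
const SECRET_ONLY_SCOPE = ["subscribe", "cost-models", "admin/reload", "margin/"];

// Classify a key by its documented prefix.
function keyType(key) {
  if (typeof key !== "string") return "invalid";
  if (key.startsWith("pk_")) return "publishable";
  if (key.startsWith("sk_")) return "secret";
  return "invalid";
}

// Does the documented scoping let this key reach the named endpoint?
function isAllowed(key, endpoint) {
  const type = keyType(key);
  if (type === "invalid") return false;
  if (PUBLISHABLE_SCOPE.has(endpoint)) return true; // open to both key types
  const secretOnly = SECRET_ONLY_SCOPE.some((p) =>
    p.endsWith("/") ? endpoint.startsWith(p) : endpoint === p);
  return secretOnly && type === "secret";
}

// Find secret keys embedded in client-side source or a built bundle.
// Returns the line number and a redacted preview, never the full key.
function findSecretKeys(text) {
  const pattern = /\bsk_[A-Za-z0-9_]{8,}/g; // assumed key shape
  const hits = [];
  text.split("\n").forEach((line, i) => {
    for (const m of line.matchAll(pattern)) {
      hits.push({ line: i + 1, preview: m[0].slice(0, 8) + "..." });
    }
  });
  return hits;
}

// Constructed sample bundle: one publishable key (fine), one leaked secret key.
const SAMPLE_BUNDLE = [
  'const client = init({ key: "pk_live_abc123example" });',
  'fetch(url, { headers: { Authorization: "Bearer sk_live_xyz789example" } });',
].join("\n");
```

Fail the build when `findSecretKeys` returns any hit for client-side output, and rotate any key it finds, since a key that reached a bundle should be treated as disclosed.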