Skip to main content

API Key Authentication

All Nonce Private API requests require authentication using an API key passed in the request header.

Header Format

You can authenticate using either of the following header formats: Option 1: x-api-key header 
curl -X GET "https://api.nonce.app/private-api/v1/{workspace_id}/farms" \
  -H "x-api-key: your_api_key_here"
Option 2: Authorization Bearer header 
curl -X GET "https://api.nonce.app/private-api/v1/{workspace_id}/farms" \
  -H "Authorization: Bearer your_api_key_here"
Both formats are supported and functionally equivalent. Choose the one that best fits your application’s architecture.

Obtaining an API Key

API keys are currently available by contacting the Nonce platform administrator. Please reach out to [email protected] to request access.

Authentication Errors

Status CodeErrorDescription
401UnauthorizedMissing x-api-key header
401UnauthorizedInvalid or expired API key
403ForbiddenAPI key does not have permission for this resource

Example Error Response

{
  "statusCode": 401,
  "message": "Missing x-api-key header",
  "error": "Unauthorized"
}

Security Best Practices

  • Never expose your API key in client-side code
  • Store API keys in environment variables
  • Rotate your API keys periodically
  • Use separate API keys for different environments (development, production)