API Reference

Authentication

Learn how to authenticate with the Nurosentrix API.

REST APIAPI index

Overview

Nurosentrix uses token-based authentication. You can create API tokens in the dashboard and use them to authenticate API requests.

Creating API Tokens

  1. Log in to the Nurosentrix dashboard
  2. Go to Settings → API Keys
  3. Click "Create API Key"
  4. Give your token a descriptive name
  5. Select the permissions for this token
  6. Click "Create"
Important:

The full token is only shown once when created. Store it securely - you cannot retrieve it later.

Using API Tokens

Include your token in the Authorization header of every request:

Authorization: Bearer nsx_live_abc123...

Example Request

curl -X GET "https://app.nurosentrix.com/api/v1/servers" \
  -H "Authorization: Bearer nsx_live_abc123..." \
  -H "Content-Type: application/json"

Token Types

Live Tokens

Live tokens (prefixed with nsx_live_) have full access to your production resources. Use these in your production applications.

Test Tokens

Test tokens (prefixed with nsx_test_) are for development and testing. They have the same permissions but operate in a sandboxed environment.

Token Permissions

When creating a token, you can restrict its permissions:

PermissionDescription
servers:readView servers
servers:writeCreate, update, delete servers
instances:readView instances
instances:writeCreate, update, delete instances
instances:actionsStart, stop, restart instances
backups:readView backups
backups:writeCreate, delete backups
backups:restoreRestore backups
settings:readView account settings
settings:writeUpdate account settings

Error Responses

401 Unauthorized

Returned when no token is provided or the token is invalid:

{
  "success": false,
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Invalid or missing authentication token"
  }
}

403 Forbidden

Returned when the token doesn't have permission for the requested action:

{
  "success": false,
  "error": {
    "code": "FORBIDDEN",
    "message": "Token does not have permission: servers:write"
  }
}

Session Authentication

For the web dashboard, Nurosentrix uses session-based authentication with JWT tokens. This is handled automatically when you log in through the web interface.

Login

POST /auth/login
{
  "email": "user@example.com",
  "password": "your-password"
}

Response

{
  "success": true,
  "data": {
    "token": "eyJhbGciOiJIUzI1NiIs...",
    "expires_at": "2024-01-16T10:30:00Z",
    "user": {
      "id": "usr_abc123",
      "email": "user@example.com",
      "name": "John Doe"
    }
  }
}

Security Best Practices

  • Never expose tokens in client-side code - API tokens should only be used server-side
  • Use environment variables - Store tokens in environment variables, not in code
  • Rotate tokens regularly - Create new tokens and revoke old ones periodically
  • Use minimal permissions - Only grant the permissions each token needs
  • Monitor token usage - Review API logs for unusual activity

Revoking Tokens

To revoke an API token:

  1. Go to Settings → API Keys
  2. Find the token you want to revoke
  3. Click the delete icon
  4. Confirm the revocation

Revoked tokens are immediately invalidated and cannot be used for any API requests.