logo
Get StartedAuthentication

Authentication

Authenticate API requests using a personal access token sent as a Bearer token in the Authorization header.

Bearer token authentication

All authenticated endpoints require a personal access token. Pass it in the Authorization header on every request:

Authorization: Bearer your_api_token_here

Example request

curl https://app.nashra.ai/api/v1/subscribers \
  -H "Authorization: Bearer your_api_token_here"

The token resolves to your workspace, so all responses are scoped to the workspace that owns the token. There's no separate workspace ID parameter.

The public website endpoints under /api/v1/tenants/{slug}/... do not require a token. See the API Overview.

Creating an API token

Open Settings → API Tokens

Find it in the Nashra dashboard.

Click Create Token

Give it a clear name — e.g., "Website Integration", "Zapier", "Internal CRM Sync".

Set an expiration (optional)

Pick an expiry, or leave it blank for no expiration.

Copy your token

The token is shown once. Copy it and store it somewhere safe — you can't view it again.

Tokens are shown once at creation. If you lose one, delete it and create a new one.

Token expiration

Tokens without an expiry remain valid until you delete them. Tokens with an expiry stop working at the chosen date.

To revoke any token, go to Settings → API Tokens and delete it. Pending requests using that token immediately start returning 401 Unauthorized.

Usage tracking

Each token has a usage counter that increments on every authenticated request. Use it to spot tokens that are still in use vs. ones you can safely revoke.

Security best practices

  • HTTPS only — The API does not accept HTTP. Always use https://.
  • Treat tokens like passwords — Never commit them to a repo, paste them in screenshots, or share them in chat.
  • One token per integration — Easier to revoke a single integration without affecting others.
  • Rotate periodically — Especially for tokens with no expiry.
  • Revoke compromised tokens immediately — Delete the token in Settings → API Tokens and create a new one.
Was this page helpful?

Last updated 3 weeks ago

Built with Documentation.AI