Authentication

All API requests require authentication using your API key. The API key can be found in your Nanonets Dashboard.

Basic Authentication

The API key should be sent as the username in Basic Authentication, with an empty password. Here's how to authenticate:

Python

import requests
from requests.auth import HTTPBasicAuth

API_KEY = 'YOUR_API_KEY'
url = "https://app.nanonets.com/api/v4/workflows"

response = requests.get(
    url,
    auth=HTTPBasicAuth(API_KEY, '')
)
print(response.json())

cURL

curl -X GET \
  -H "Authorization: Basic YOUR_API_KEY" \
  https://app.nanonets.com/api/v4/workflows

Node.js

const axios = require('axios');

const API_KEY = 'YOUR_API_KEY';
const url = 'https://app.nanonets.com/api/v4/workflows';

axios.get(url, {
  auth: {
    username: API_KEY,
    password: ''
  }
})
.then(response => {
  console.log(response.data);
})
.catch(error => {
  console.error(error);
});

Go

package main

import (
    "fmt"
    "net/http"
    "encoding/base64"
)

func main() {
    API_KEY := "YOUR_API_KEY"
    url := "https://app.nanonets.com/api/v4/workflows"

    req, err := http.NewRequest("GET", url, nil)
    if err != nil {
        fmt.Println(err)
        return
    }

    auth := base64.StdEncoding.EncodeToString([]byte(API_KEY + ":"))
    req.Header.Add("Authorization", "Basic "+auth)

    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
        fmt.Println(err)
        return
    }
    defer resp.Body.Close()
}

Security Best Practices

1. Keep Your API Key Secure

   • Never share your API key publicly
   • Don't commit API keys to version control
   • Use environment variables to store API keys

2. API Key Management

   • Rotate API keys periodically
   • Use different API keys for different environments
   • Monitor API key usage for suspicious activity

3. Request Security

   • Always use HTTPS
   • Validate API responses
   • Implement proper error handling

For more information about best practices, see our Best Practices Guide.

Error Responses

If authentication fails, you'll receive a 401 Unauthorized response:

{
  "code": "unauthorized",
  "message": "Invalid API key",
  "details": {
    "error": "Authentication failed"
  }
}

Rate Limiting

API requests are subject to rate limiting based on your plan. When you exceed the rate limit, you'll receive a 429 Too Many Requests response:

{
  "code": "rate_limit_exceeded",
  "message": "Rate limit exceeded",
  "details": {
    "retry_after": 60
  }
}

The retry_after field indicates the number of seconds to wait before making another request.

Best Practices

1. Environment Variables: Store your API key in environment variables
2. Key Rotation: Regularly rotate your API keys
3. Error Handling: Implement proper error handling for authentication failures
4. Rate Limiting: Implement exponential backoff for rate limit errors

Python

import os
import requests
from requests.auth import HTTPBasicAuth

API_KEY = os.environ.get('NANONETS_API_KEY')
url = "https://app.nanonets.com/api/v4/workflows"
res = requests.get(url, auth=HTTPBasicAuth(API_KEY, ''))

Node.js

const axios = require('axios');

const API_KEY = process.env.NANONETS_API_KEY;
const url = 'https://app.nanonets.com/api/v4/workflows';

axios.get(url, {
  auth: {
    username: API_KEY,
    password: ''
  }
})
.then(response => {
  console.log(response.data);
})
.catch(error => {
  console.error(error);
});

Go

package main

import (
    "fmt"
    "net/http"
    "os"
    "encoding/base64"
)

func main() {
    API_KEY := os.Getenv("NANONETS_API_KEY")
    url := "https://app.nanonets.com/api/v4/workflows"

    req, err := http.NewRequest("GET", url, nil)
    if err != nil {
        fmt.Println(err)
        return
    }

    auth := base64.StdEncoding.EncodeToString([]byte(API_KEY + ":"))
    req.Header.Add("Authorization", "Basic "+auth)

    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
        fmt.Println(err)
        return
    }
    defer resp.Body.Close()
}