Skip to content

API keys

API keys are project-scoped and come in two types:

TypeUsed forAccepted by
secret (nrn_sk_...)Server-side calls to platform-api, service-api, and MCP.platform-api, service-api, MCP
publishable (nrn_pk_...)Browser-facing surfaces (e.g. the web widget).Not accepted by service-api or MCP.

A key is the grant — presenting a valid secret key resolves directly to { apiKeyId, projectId, organizationId, keyType } with no further membership check. There is no concept of “this key acts as user X” — it acts for the project it was minted under.

  1. Create (or use) a platform-type project.
  2. On platform.v2.nairon.xyz, go to that project’s API Keys page.
  3. Click Create key, choose the type, and copy the plaintext value immediately — it is shown only once. Nairon stores only a SHA-256 hash plus the key’s prefix/last-4 for display.
  4. Revoke a key from the same page at any time; revocation is immediate.
Terminal window
curl https://api.v2.nairon.xyz/v1/me -H "Authorization: Bearer NAIRON_API_KEY"
{"apiKeyId": "...", "projectId": "...", "organizationId": "...", "keyType": "secret"}

Treat nrn_sk_... keys like any other credential — never commit them, and never embed a real key in a shared code sample. All examples in this documentation use the placeholder NAIRON_API_KEY.