Authentication
Learn how to authenticate with the Nevuto API using API keys.
The Nevuto API uses API keys to authenticate requests. You can manage your keys from the Nevuto Dashboard.
API Keys
There are two types of API keys:
| Type | Prefix | Usage |
|---|---|---|
| Live | nv_live_ | Production environment |
| Test | nv_test_ | Sandbox environment (no real charges) |
Making Authenticated Requests
Include your API key in the Authorization header:
curl https://api.nevuto.com/v1/stores \
-H "Authorization: Bearer nv_live_your_api_key" \
-H "Content-Type: application/json"
With the JavaScript SDK:
import { Nevuto } from '@nevuto/sdk'
const client = new Nevuto({
apiKey: process.env.NEVUTO_API_KEY
})
Key Scopes
API keys can be scoped to limit access:
stores:read— Read store datastores:write— Create and update storesproducts:read— Read product dataproducts:write— Create and update productsorders:read— Read order datapayments:write— Process payments
Security Best Practices
- Never expose API keys in client-side code or public repositories
- Use environment variables to store keys
- Use test keys during development
- Rotate keys regularly from the dashboard
- Use scoped keys with minimum required permissions