All API requests require a Bearer token in the Authorization header.
Authorization: Bearer YOUR_API_KEY
nc_live_<32 alphanumeric characters>
Getting Your API Key
- Log in to the dashboard
- Go to Settings → API Keys
- Click Create API Key
- Copy the key — it is shown exactly once and never stored in full
Store your API key securely. It grants full access to your workspace.
Never commit it to source control or expose it in client-side code.
Creating Additional Keys
curl -X POST https://api.actionlayer.dev/v1/api-keys \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{"name": "production-agent"}'
Revoking a Key
curl -X DELETE https://api.actionlayer.dev/v1/api-keys/{key_id} \
-H "Authorization: Bearer YOUR_API_KEY"
Rate Limits
| Endpoint | Limit |
|---|
| Auth endpoints | 5–60 req/min |
| Read endpoints | 60 req/min |
| Write endpoints | 10–20 req/min |
HTTP 429 with a Retry-After header.
Error Responses
All errors return a consistent shape:
{
"error": "unauthorized",
"message": "Invalid or revoked API key"
}
