API Token Authentication
For developers and integrations. Standard JWT tokens from your Developer Settings for server-side API access (covered in this guide)
Enterprise Authentication
For enterprise deployments. OAuth/SSO integration and user token authentication for seamless user experiences
1. Get Your API Token
   Navigate to Settings → Organisation → Developer in your admin dashboard
2. Copy Your Token
   Find the API Token field and copy the JWT token value
3. Use in Requests
   Include the token in your API requests using the x-api-token header
Authentication Headers
All APIs use the same authentication header format:
Important: All APIs use the same authentication header:
- Integration API, Admin API & Analytics API: All use the x-api-token header
- Header names are case-insensitive (x-api-token, X-API-TOKEN both work)
- Bearer prefix is optional for x-api-token headers
API Base URLs
The Nudj Platform uses organization-specific subdomains:
- {your-subdomain} - Your organization’s unique subdomain
- {api-type} - Either admin, integration, or analytics
Organization | Subdomain | Admin API URL |
---|---|---|
Development | nudjdev | https://nudjdev.nudj.cx/api/v2/admin |
Staging | nudjstaging | https://nudjstaging.nudj.cx/api/v2/admin |
Your Org | yourcompany | https://yourcompany.nudj.cx/api/v2/admin |
Testing Authentication
API Playground
Use the interactive documentation to test endpoints with your token and subdomain
cURL Examples
Copy and modify the cURL examples with your credentials for quick testing
Error Responses
401 Unauthorized
- Missing or invalid token
- Expired token
- Wrong organization context
- Incorrect header format
403 Forbidden
- Token lacks required role
- Endpoint requires admin permissions
Security Best Practices
Never expose API tokens in:
- Client-side JavaScript
- Public repositories
- URL parameters
- Browser storage

- Store securely - Use environment variables or secret management systems
- Rotate regularly - Generate new tokens periodically
- Limit scope - Use role-based access control
- Monitor usage - Track API calls in your dashboard
- Revoke compromised tokens - Immediately invalidate exposed tokens
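An added example (not Nudj's own code) that applies this guide's header, base URL and storage rules on the server side: it reads the token from an environment variable, trims stray whitespace, checks the JWT expiry locally, and builds a request that carries the token only in the x-api-token header. The variable name NUDJ_API_TOKEN, the /example-endpoint path, the presence of an exp claim in the token, and the same URL pattern for the integration and analytics APIs are assumptions.

```python
import base64, json, os, time, urllib.request

API_TYPES = ("admin", "integration", "analytics")  # API types named in this guide
TOKEN_ENV = "NUDJ_API_TOKEN"  # assumed variable name, not defined by the platform


def clean_token(raw):
    """Trim edges, drop the optional Bearer prefix, reject inner whitespace or a non-JWT shape."""
    token = raw.strip()
    if token.lower().startswith("bearer "):
        token = token[7:].strip()
    if any(ch.isspace() for ch in token) or token.count(".") != 2:
        raise ValueError("token must be a single-line JWT (header.payload.signature)")
    return token


def seconds_until_expiry(token, now=None):
    """Decode the payload WITHOUT verifying it; return exp - now, or None if there is no exp claim."""
    body = token.split(".")[1]
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    if "exp" not in claims:
        return None
    return claims["exp"] - (time.time() if now is None else now)


def build_request(subdomain, api_type, path, token):
    """Build (not send) a request; the token travels only in the x-api-token header."""
    if api_type not in API_TYPES:
        raise ValueError(f"api_type must be one of {API_TYPES}")
    if not subdomain.replace("-", "").isalnum():
        raise ValueError("subdomain must be a bare label, not a URL")
    url = f"https://{subdomain}.nudj.cx/api/v2/{api_type}/{path.lstrip('/')}"
    return urllib.request.Request(url, headers={"x-api-token": token})


def make_sample_token(exp):
    """Constructed, unsigned token for the demo; a real one comes from Developer Settings."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'HS256', 'typ': 'JWT'})}.{enc({'exp': exp})}.constructed-signature"


if __name__ == "__main__":
    # Real use: set NUDJ_API_TOKEN in the server environment, never in client-side code.
    raw = os.environ.get(TOKEN_ENV) or make_sample_token(int(time.time()) + 3600) + "\n"
    token = clean_token(raw)
    print("seconds until expiry:", seconds_until_expiry(token))
    req = build_request("yourcompany", "admin", "/example-endpoint", token)
    print(req.get_method(), req.full_url, "header set:", req.has_header("X-api-token"))
```

The expiry check only reads the claim for a quick local diagnosis; the server remains the authority on whether a token is valid.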
Rate Limiting
API endpoints implement rate limiting:
API Type | Limit | Window |
---|---|---|
Integration | 1000 req/min | Per organization |
Admin | 500 req/min | Per organization |
Analytics | 100 req/min | Per organization |
Troubleshooting
Token is being rejected
- Verify no extra spaces or line breaks in token
- Check you’re using the correct environment URL
- Ensure token hasn’t expired
- Confirm organization ID matches
Getting 404 errors
- Verify the complete API path including /api/v2/
- Check you’re using the correct API type (admin/integration/analytics)
- Ensure the endpoint exists in the API reference
Local development not working
- Ensure API server is running on port 3000
- Check MongoDB connection in .env.local
- Verify organization fallback is configured
- Use the --insecure flag for self-signed certificates (local development only)
Need Different Authentication?
OAuth/SSO Integration
For enterprise customers. Set up OAuth 2.0 or OpenID Connect for user authentication and SSO
User Token Authentication
For seamless user flows. Direct user authentication with encoded JWT tokens for pre-authenticated scenarios
Developer Settings
Access your API credentials and configuration