Documentation Index
Fetch the complete documentation index at: https://docs.nexalayer.net/llms.txt
Use this file to discover all available pages before exploring further.
Authentication
NexaLayer supports two authentication modes. API Key is recommended for AI Agents — no token lifecycle to manage.
Mode 1: API Key (recommended)
Send the API key on every request. No token exchange or refresh.
| Header | Value |
|---|
X-API-Key | Your api_key (e.g. ak_a1b2c3d4e5f6g7h8) |
curl -X GET "https://api.nexalayer.net/v1/account/info" \
-H "X-API-Key: ak_xxxxxxxxxxxxxxxx"
- Use for all server-side and agent workloads.
- Key is long-lived until you rotate it; no expiry handling needed.
Mode 2: JWT Token (optional)
Exchange api_key + api_secret for a short-lived Bearer token. Use when you need token expiry semantics (e.g. web console).
Obtain token
curl -X POST "https://api.nexalayer.net/v1/auth/token" \
-H "Content-Type: application/json" \
-d '{
"api_key": "ak_xxxxxxxxxxxxxxxx",
"api_secret": "sk_xxxxxxxxxxxxxxxx"
}'
Use token
| Header | Value |
|---|
Authorization | Bearer <access_token> |
Refresh token
Before expiry, call:
curl -X POST "https://api.nexalayer.net/v1/auth/refresh" \
-H "Authorization: Bearer <current_token>"
Comparison
| API Key | JWT |
|---|
| Setup | One header | Token exchange + refresh |
| Lifetime | Long-lived | Short (e.g. 1 hour) |
| Best for | Agents, scripts, backend | Web console, high-security flows |
Security
- Store
api_key and api_secret in environment variables or a secret manager; do not commit them.
- Use HTTPS for all requests.
- Rotate secret via
POST /account/rotate-secret if compromised; API Key mode is unaffected.
Next: Accounts (register, info, rotate-secret).