N Nexus Docs
Settings

API Keys

Generate and manage API keys for programmatic access to the NexusCommerce REST API.

Overview

The API Keys settings page lets you generate bearer tokens for programmatic access to the NexusCommerce REST API. Use API keys for integrations, automation scripts, CI/CD pipelines, and custom tooling that needs to interact with NexusCommerce without a user session.

Key Concepts

API Key — A long-lived bearer token scoped to a specific tenant. API keys act on behalf of the tenant (not a specific user) and have a configurable permission scope.

Tenant ID — Your tenant identifier, required in the X-Tenant-ID header on every API request. Found on this page.

Scope — The set of permissions granted to an API key. Scopes follow the pattern resource:action:

ScopeDescription
products:readRead product catalog
products:writeCreate and update products
orders:readRead orders
orders:writeUpdate order status, confirm shipments
inventory:readRead inventory levels
inventory:writeUpdate inventory quantities
pricing:readRead pricing rules and recommendations
pricing:writeCreate and update pricing rules
analytics:readQuery analytics data
ai-jobs:writeDispatch AI worker jobs
*Full access (use with caution)

Getting Started

Navigate to Settings > API Keys.

Generate an API Key

  1. Click Generate New Key
  2. Enter a descriptive name (e.g., "Warehouse Integration", "CI Pipeline")
  3. Select the required scopes
  4. Set an expiry (optional — leave blank for no expiry)
  5. Click Generate
  6. Copy the key immediately — it is only shown once

Using an API Key

Include the key in the Authorization header and your tenant ID in the X-Tenant-ID header on every request:

curl https://your-nexuscommerce.com/api/products \
  -H "Authorization: Bearer nxc_live_abc123..." \
  -H "X-Tenant-ID: 3714240b-2e06-4c35-8856-ccc1c096323e"

Features

API Key List

The API Keys list shows all active keys:

ColumnDescription
NameDescriptive name you assigned
PrefixFirst 8 characters of the key (for identification)
ScopesGranted permission scopes
CreatedCreation timestamp
Last UsedLast API call timestamp
ExpiresExpiry date (or "Never")
ActionsRevoke

Tenant Information

At the top of the API Keys page:

  • Tenant ID: 3714240b-2e06-4c35-8856-ccc1c096323e (use in X-Tenant-ID header)
  • API Base URL: https://your-nexuscommerce.com/api

Key Rotation

To rotate an API key:

  1. Generate a new key with the same scopes
  2. Update your integration to use the new key
  3. Verify the new key is working
  4. Revoke the old key

There is no in-place rotation — you must generate a new key and revoke the old one manually.

Revoking a Key

Click Revoke on a key to permanently invalidate it. Revocation is immediate — any in-flight requests using the revoked key will receive a 401 response on the next request after revocation.

Configuration

SettingDescriptionDefault
Key formatKey prefix for identificationnxc_live_ (production), nxc_test_ (staging)
Max keys per tenantMaximum number of active API keys20
Key expiry optionsSelectable expiry windows30d, 90d, 1y, Never
IP allowlist (Enterprise)Restrict key usage to specific IP rangesNone

Team Management

Invite and manage team members with role-based access control across your NexusCommerce tenant.

Billing Settings

Manage your NexusCommerce subscription plan, payment methods, and invoice history.

On this page

OverviewKey ConceptsGetting StartedGenerate an API KeyUsing an API KeyFeaturesAPI Key ListTenant InformationKey RotationRevoking a KeyConfiguration