Skip to main content
⚠️ Archived Version: This documentation is for an outdated version. Please visit the latest version.

Authenticate your calls

Create your organization

To get access to the Nabla API, please reach out to api@nabla.com.

Your server key gives full access to your organization and thus should be held secret and never embedded in a front-end application.

Choose between Server API and User API

You can authenticate in two different ways:

From your servers (Server API)

Simply use the server key you generated as the bearer token in requests you make to paths under https://api.nabla.com/v1/copilot-api/server.

From your front-end apps (User API)

Front-end applications will authenticate their calls to Nabla Copilot API using ephemeral access tokens that are scoped to a user in your organization.

From your server (thus using the Server API) do the following:

  • Create a user.
  • Authenticate the user you just created.
  • Communicate the pair of access_token and refresh_token to your front-end app.
  • Your front-end app now can use the ephemeral access_token to make calls to the same endpoints but under /copilot-api/user instead of /copilot-api/server.
  • When the access_token expires, the front-end app can (autonomously from your server) call Refresh tokens to get a new pair of tokens.