Authenticate your calls

Create your organization

Getting access to the API is pretty self-service.

Your server key gives full access to your organization, so keep it secret and never embed it in a front-end application.

Choose between Server API and User API

You can authenticate in two different ways:

From your servers (Server API)

Simply use the server key you generated as the bearer token in requests you make to paths under https://api.nabla.com/v1/copilot-api/server.

From your front-end apps (User API)

Front-end applications will authenticate their calls to Nabla Copilot API using ephemeral access tokens that are scoped to a user in your organization.

From your server (thus using the Server API) do the following:

  • Create a user.
  • Authenticate the user you just created.
  • Communicate the pair of access_token and refresh_token to your front-end app.
  • Your front-end app can now use the ephemeral access_token to make calls to the same endpoints, but under /copilot-api/user instead of /copilot-api/server.
  • When the access_token expires, the front-end app can (autonomously from your server) call Refresh tokens to get a new pair of tokens.
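
The front-end half of the steps above, as an added example that is not Nabla's code: a small client that only ever holds the access_token/refresh_token pair, keeps every call under /copilot-api/user, and refreshes once when the access token is rejected. It assumes an expired token is answered with HTTP 401; `refreshTokens` is a hypothetical caller-supplied function wrapping the Refresh tokens call, and any endpoint path passed to `request` is a placeholder.

```javascript
// Added example, not Nabla's code. Assumptions: an expired access_token is
// answered with HTTP 401, and `refreshTokens` (hypothetical) wraps the
// "Refresh tokens" call and resolves to { access_token, refresh_token }.
const USER_BASE = "https://api.nabla.com/v1/copilot-api/user";

// Resolve an endpoint path and refuse anything that leaves the /user tree,
// so the token is never sent to another origin or to /copilot-api/server.
function userUrl(path) {
  const url = new URL(USER_BASE + path);
  const base = new URL(USER_BASE);
  if (url.origin !== base.origin || !url.pathname.startsWith(base.pathname + "/")) {
    throw new Error("path must stay under /copilot-api/user");
  }
  return url.href;
}

function createUserApiClient({ tokens, refreshTokens, fetchImpl = globalThis.fetch }) {
  let current = { ...tokens }; // pair handed over by your server
  let refreshing = null;       // shared so concurrent 401s trigger one refresh

  const send = (url, init) => fetchImpl(url, {
    ...init,
    headers: { ...(init.headers || {}), Authorization: `Bearer ${current.access_token}` },
  });

  async function request(path, init = {}) {
    const url = userUrl(path);
    const used = current.access_token;
    const res = await send(url, init);
    if (res.status !== 401) return res;
    if (current.access_token === used) {
      // Token not yet rotated by another call: refresh, replacing the whole pair.
      refreshing = refreshing || Promise.resolve()
        .then(() => refreshTokens(current.refresh_token))
        .then((pair) => { current = { ...pair }; })
        .finally(() => { refreshing = null; });
      await refreshing;
    }
    return send(url, init); // single retry with the current access_token
  }

  return { request };
}
```

The server key never appears in this code: the front-end receives only the token pair, and the path check stops a crafted path from redirecting the bearer token elsewhere.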