Managing API Keys

You can manage your API keys either through the Nolano API or directly from the dashboard.

Go to API Keys Dashboard

The dashboard provides an easy-to-use interface for all your API key management needs.

What are API Keys?

API keys are unique identifiers that authenticate your requests to the Nolano API. They act as both an identifier and a password, ensuring that only authorized users can access forecasting services and manage API resources.

Key Features

Secure by Design

SHA-256 Hashing

Keys are hashed before storage - original keys are never stored in plain text

Usage Tracking

Every API call is logged with detailed usage statistics and monitoring

Expiration Control

Set custom expiration dates or create keys that never expire

Instant Revocation

Immediately revoke compromised keys with audit trails

API Key Lifecycle

Permission System

Available Permissions

Permission Examples

{
  "read_only_key": {
    "permissions": ["read"]
  },
  "standard_app": {
    "permissions": ["read", "write"]
  },
  "admin_key": {
    "permissions": ["read", "write", "admin"]
  },
  "full_access": {
    "permissions": ["read", "write", "admin", "delete"]
  }
}

Usage Monitoring

Key Metrics

Every API key tracks detailed usage information:

Usage Count

Total number of API requests made with this key

Last Used

Timestamp of the most recent API request

Status

Current status: active, expired, or revoked

Viewing Usage Statistics

curl -X GET https://enbfcx4kq6.execute-api.us-east-2.amazonaws.com/keys \
  -H "Authorization: Bearer your_jwt_token"

Example Response:

{
  "keys": [{
    "id": "1751308234318",
    "name": "Production API Key",
    "usage_count": 1847,
    "last_used": "2024-01-22T15:45:30Z",
    "status": "active"
  }]
}

Security Best Practices

Storage and Handling

Never expose API keys in client-side code: API keys should only be used in server-side applications where they can be kept secure.

Environment Variables: Store API keys in environment variables, not in your source code.

# ✅ Good: Environment variable
export NOLANO_API_KEY="ak_577aa2f186866ec0c75d1068bcff79cd3da4344b80aec1572e0fa07b364227d6"

# ❌ Bad: Hardcoded in source
api_key = "ak_577aa2f186866ec0c75d1068bcff79cd3da4344b80aec1572e0fa07b364227d6"

Regular Rotation

Implement a regular key rotation schedule:

  1. Production Keys: Rotate every 90 days
  2. Development Keys: Rotate every 30 days
  3. Emergency Rotation: Immediately if compromise suspected

Rate Limits by Key Type

Permission LevelRequests/MinRequests/HourRequests/Day
Read Only5050010,000
Read/Write1001,00050,000
Admin2002,000100,000
Full Access5005,000250,000

Enterprise Plans: Custom rate limits and dedicated support available. Contact support@nolano.com for details.