Overview

The Nolano API uses API key authentication to secure access to all endpoints. This ensures that only authorized users can access your forecasting data and manage API resources.

Authentication Methods

API Key Authentication

All forecast endpoints use API key authentication. Include your API key in the Authorization header: 
curl -X POST https://enbfcx4kq6.execute-api.us-east-2.amazonaws.com/forecast \
  -H "Authorization: ak_577aa2f186866ec0c75d1068bcff79cd3da4344b80aec1572e0fa07b364227d6" \
  -H "Content-Type: application/json"

API Key Format

Nolano API keys follow a specific format for easy identification: 
ak_[64_character_hex_string]
Example: 
ak_577aa2f186866ec0c75d1068bcff79cd3da4344b80aec1572e0fa07b364227d6

Security Features

Secure Storage

  • API keys are hashed using SHA-256 before storage
  • Only the hash is stored in the database
  • The original key is never stored in plain text

Usage Tracking

Every API call is tracked with detailed metrics:
  • Usage Count: Total number of requests made
  • Last Used: Timestamp of the most recent request
  • Request Patterns: Monitoring for unusual activity

Permission System

API keys support fine-grained permissions:

read

Access to forecast endpoints and data retrieval

write

Ability to create and modify forecasts

admin

Manage API keys for the account

delete

Delete data and forecasts

Getting Your API Key

You can create and manage your API keys from the Nolano dashboard.

Go to API Keys Dashboard

Navigate to the API Keys section in your dashboard to create, manage, and monitor your keys.
 From the dashboard, you can:
  • Create new API keys with specific permissions.
  • Monitor usage statistics for each key.
  • Set custom expiration dates.
  • Rotate and revoke keys securely.

Error Handling

Common Authentication Errors

Security Best Practices

Key Management

  1. Store Securely: Never commit API keys to version control
  2. Environment Variables: Use environment variables for key storage
  3. Rotate Regularly: Rotate keys periodically for security
  4. Minimize Permissions: Only grant necessary permissions
  5. Monitor Usage: Regularly review key usage patterns

Request Security

  1. HTTPS Only: Always use HTTPS for API requests
  2. Secure Headers: Include proper headers in requests
  3. Rate Limiting: Implement client-side rate limiting
  4. Error Handling: Don’t expose keys in error messages

Example: Secure Storage

# .env file
NOLANO_API_KEY=ak_577aa2f186866ec0c75d1068bcff79cd3da4344b80aec1572e0fa07b364227d6

# In your application
api_key = os.environ.get('NOLANO_API_KEY')
headers = {'Authorization': api_key}

Rate Limits

Different subscription tiers have different rate limits:
TierRequests/MinuteRequests/HourRequests/Day
Free101001,000
Standard1001,00050,000
Premium5005,000250,000
EnterpriseCustomCustomCustom

Rate Limit Headers

API responses include rate limit information: 
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1640995200

Testing Authentication

Quick Test

Test your API key with a simple request: 
curl -X POST https://api.nolano.ai/forecast \
  -H "Authorization: Bearer your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{"series":[{"timestamps":["2023-01-01T00:00:00"],"values":[100]}], "forecast_horizon": 1, "data_frequency": "Daily", "forecast_frequency": "Daily"}' \
  -v

Expected Response

A successful authentication will return either:
  • 200 OK: Your request was processed
  • 500 Server Error: Authentication succeeded, but the target API is unreachable
An authentication failure will return:
  • 401 Unauthorized: Invalid or missing API key