Skip to main content

API Key Authentication

All NVRSE API requests require authentication via an API key. You can obtain an API key from the NVRSE Studio dashboard.

Using Your API Key

Include your API key in the X-API-Key header: 
curl -X GET "https://api.nvrse.dev/api/interactive/templates/public" \
  -H "X-API-Key: your_api_key_here"
Alternatively, you can use the Authorization: Bearer header: 
curl -X GET "https://api.nvrse.dev/api/interactive/templates/public" \
  -H "Authorization: Bearer your_api_key_here"

Security Best Practices

Never expose your API key in client-side code. Always make API calls from your backend server.
Mobile/Web App ──► Your Backend ──API Key──► NVRSE API
Your backend acts as a proxy, keeping the API key secure: 
// Your backend (Node.js example)
app.post('/api/start-adventure', async (req, res) => {
  const response = await fetch(
    'https://api.nvrse.dev/api/interactive/runs/start',
    {
      method: 'POST',
      headers: {
        'X-API-Key': process.env.NVRSE_API_KEY, // Stored securely
        'Content-Type': 'application/json',
      },
      body: JSON.stringify({
        adventureId: req.body.adventureId,
      }),
    }
  );

  const data = await response.json();
  res.json(data);
});

Environment Variables

Store your API key in environment variables: 
# .env
NVRSE_API_KEY=your_api_key_here
Use different API keys for development and production environments. You can create multiple keys in the Studio dashboard.

Rate Limits

API requests are rate-limited based on your plan. Check these response headers to monitor your usage:
HeaderDescription
X-RateLimit-LimitMaximum requests per window
X-RateLimit-RemainingRemaining requests in current window
X-RateLimit-ResetUnix timestamp when the window resets
When you exceed the rate limit, you’ll receive a 429 Too Many Requests response.

Error Responses

Authentication errors return a 401 Unauthorized response: 
{
  "error": "Unauthorized",
  "code": "UNAUTHORIZED"
}
Common causes:
  • Missing X-API-Key header
  • Invalid or expired API key
  • API key doesn’t have permission for the requested resource

Rotating Keys

To rotate your API key:
  1. Create a new key in Studio
  2. Update your application to use the new key
  3. Verify the new key works
  4. Delete the old key
There’s no downtime during key rotation if you update your application before deleting the old key.