Authentication
Authenticate with workspace-scoped API keys and understand scopes.
The Nimply API uses API keys to authenticate requests. Every key is scoped to a single workspace: a key can only see and act on the channels, posts, and media of the workspace it was created in.
Creating an API key
- Open the Nimply app and pick the workspace you want to integrate with.
- Go to Settings → Developers.
- Click Create API key, name it, and select the scopes it needs.
- Copy the key — it is shown only once. Store it in a secret manager or environment variable.
Live keys look like this:
nim_live_4f8a2c…Using your key
Send the key as a Bearer token in the Authorization header of every request:
curl https://api.nimply.io/v1/workspace \
-H "Authorization: Bearer nim_live_4f8a2c…"GET /v1/workspace is a handy connectivity check — it returns the workspace the key belongs to.
Keep keys server-side
API keys carry full access to their scopes. Never embed them in client-side code, mobile apps, or public repositories. Rotate a key immediately if it leaks.
Scopes
Scopes limit what a key is allowed to do. New keys are read-only by default — grant write scopes explicitly when you need them.
| Scope | Grants |
|---|---|
workspace:read | Read the workspace the key belongs to |
channels:read | List and inspect connected social channels and their posting schedules |
posts:read | List and read posts |
posts:write | Create, update, and delete draft posts |
posts:publish | Schedule posts and publish immediately (schedule values other than "draft") |
media:read | List and read media assets |
media:write | Upload and delete media assets |
analytics:read | Read profile and post metrics |
webhooks:manage | Create, update, and delete webhook subscriptions |
Requests made without the required scope fail with 403 Forbidden and a
problem details body naming the missing scope.