Nimply Developers

Authentication

Authenticate with workspace-scoped API keys and understand scopes.

The Nimply API uses API keys to authenticate requests. Every key is scoped to a single workspace: a key can only see and act on the channels, posts, and media of the workspace it was created in.

Creating an API key

  1. Open the Nimply app and pick the workspace you want to integrate with.
  2. Go to Settings → Developers.
  3. Click Create API key, name it, and select the scopes it needs.
  4. Copy the key — it is shown only once. Store it in a secret manager or environment variable.

Live keys look like this:

nim_live_4f8a2c…

Using your key

Send the key as a Bearer token in the Authorization header of every request:

curl https://api.nimply.io/v1/workspace \
  -H "Authorization: Bearer nim_live_4f8a2c…"

GET /v1/workspace is a handy connectivity check — it returns the workspace the key belongs to.

Keep keys server-side

API keys carry full access to their scopes. Never embed them in client-side code, mobile apps, or public repositories. Rotate a key immediately if it leaks.

Scopes

Scopes limit what a key is allowed to do. New keys are read-only by default — grant write scopes explicitly when you need them.

ScopeGrants
workspace:readRead the workspace the key belongs to
channels:readList and inspect connected social channels and their posting schedules
posts:readList and read posts
posts:writeCreate, update, and delete draft posts
posts:publishSchedule posts and publish immediately (schedule values other than "draft")
media:readList and read media assets
media:writeUpload and delete media assets
analytics:readRead profile and post metrics
webhooks:manageCreate, update, and delete webhook subscriptions

Requests made without the required scope fail with 403 Forbidden and a problem details body naming the missing scope.

Next steps

On this page