Authentication
All REST API endpoints require authentication unless otherwise noted. The API supports two authentication schemes: Bearer token (recommended) and Basic Auth.
Getting a Token
Use the POST /api/token endpoint to exchange a username and password for a bearer token.
This request must be encoded as application/x-www-form-urlencoded, not application/json. Sending a JSON body will result in an unsupported_grant_type error.
The client_id parameter is optional. If provided, you must use the same value when refreshing the token. If omitted, the username (email) is used as the client_id automatically.
Use the refresh_token to obtain a new access_token after it expires, without requiring the user to re-enter their password. See Refresh a bearer token for details.
Two-Factor Authentication
If the user has 2FA enabled, include the totp parameter with their current TOTP code:
Bearer Token
Include the access_token in the Authorization header of every authenticated request:
Basic Auth
You can also authenticate using HTTP Basic Auth by passing your Nexudus username and password directly:
Alternatively, set the Authorization header manually with a Base64-encoded username:password string:
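An added example (not from the original documentation) that builds, without sending, the form-encoded POST /api/token request and both Authorization header forms described above. The host, the helper names and the grant_type=password field are assumptions; the page itself names only username, password, totp and client_id.

```python
import base64
import urllib.parse
import urllib.request

# Assumption: placeholder host; substitute your real API base URL.
API_BASE = "https://api.example.invalid"


def _require_https(url):
    # Password, TOTP code and tokens are all replayable if sent in cleartext.
    if urllib.parse.urlsplit(url).scheme != "https":
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    return url


def build_token_request(username, password, totp=None, client_id=None, base=API_BASE):
    # Assumption: grant_type=password, the usual OAuth2 form field implied by
    # the unsupported_grant_type error; the page does not spell it out.
    fields = {"grant_type": "password", "username": username, "password": password}
    if totp is not None:
        fields["totp"] = totp            # only for accounts with 2FA enabled
    if client_id is not None:
        fields["client_id"] = client_id  # must be reused when refreshing
    # urlencode percent-escapes '&', '=', '+' and '@', so a password that
    # contains them cannot split or alter the form body.
    body = urllib.parse.urlencode(fields).encode("ascii")
    return urllib.request.Request(
        _require_https(base + "/api/token"),
        data=body,
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


def bearer_header(access_token):
    return {"Authorization": "Bearer " + access_token}


def basic_header(username, password):
    # Base64 is an encoding, not encryption: anyone who sees this header
    # recovers the password, so it needs the same HTTPS guarantee.
    raw = (username + ":" + password).encode("utf-8")
    return {"Authorization": "Basic " + base64.b64encode(raw).decode("ascii")}


if __name__ == "__main__":
    # Constructed sample credentials, not real ones.
    req = build_token_request("user@example.com", "p&ss=w+rd", totp="123456")
    print(req.get_method(), req.full_url, req.data.decode())
```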
Failed Authentication
When authentication fails or the account does not have permission for the requested resource, the API returns a 401 Unauthorized response.