Skip to main content
All NAWA API requests require a Bearer token in the Authorization header. 
Authorization: Bearer nawa_live_sk_xxx

API key formats

EnvironmentPrefixExample
Freenawa_test_sk_nawa_test_sk_a1b2c3d4e5f6
Livenawa_live_sk_nawa_live_sk_x9y8z7w6v5u4

Free vs live keys

Free

Free, no credit card required.
  • 100 lifetime requests
  • 14-day key expiry
  • Uses real AI models (same accuracy)
  • Rate limit: 10 requests/minute
  • Perfect for prototyping and testing

Live

Pay-as-you-go with credit packs.
  • Unlimited requests (with credits)
  • No key expiry (rotate at 90 days recommended)
  • Full rate limits by tier
  • Webhook support
  • Analytics and usage dashboards

Creating API keys

1

Sign in to your account

Go to trynawa.com/developers/keys and sign in with your account.
2

Create a new key

Go to trynawa.com/developers/keys and click Create Key.
3

Copy your key

Your key is displayed once at creation. Copy it immediately and store it securely.
API keys are shown only once at creation. They are stored as SHA-256 hashes - we cannot retrieve your key later. If you lose it, revoke the old key and create a new one.

Key rotation

We recommend rotating live keys every 90 days. To rotate without downtime:
  1. Create a new key in the dashboard
  2. Update your application to use the new key
  3. Verify requests succeed with the new key
  4. Revoke the old key
You can have up to 5 active keys per environment. This allows zero-downtime rotation by running old and new keys simultaneously.

Key revocation

Revoke a key instantly from the dashboard under Settings → API Keys. Revoked keys return a 401 authentication_error immediately.

Security best practices

  • Never commit keys to source control. Use environment variables or a secret manager.
  • Use free keys for development. Reserve live keys for deployed applications.
  • Restrict keys by IP (planned) for live workloads.
  • Monitor usage in the dashboard to detect unauthorized use.
  • Rotate keys every 90 days or immediately if compromised.
// ✅ Load from environment
const nawa = new Nawa({ apiKey: process.env.NAWA_API_KEY })

// ❌ Never hardcode keys
const nawa = new Nawa({ apiKey: 'nawa_live_sk_abc123' })