Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.nylio.app/llms.txt

Use this file to discover all available pages before exploring further.

API keys

API keys let you authenticate with the Nylio public API without going through an OAuth flow. They are useful for scripts, CI pipelines, and backend integrations where browser-based login is not practical.

Create an API key

  1. Open the API access page in the Nylio app.
  2. Click Create key.
  3. Give the key a name, choose which scopes to grant, and set an expiration period.
  4. Copy the key immediately. It is only shown once.

Expiration options

OptionDuration
30 daysKey expires after 30 days
90 daysKey expires after 90 days
1 yearKey expires after 365 days
No expirationKey does not expire automatically

Available scopes

ScopeAccess
workspace:readList workspaces
document:readRead and export documents
document:writeCreate, edit, and replace personal documents
search:readSearch documents

Use an API key

Pass the key in the x-api-key header: 
curl https://api.nylio.app/api/public/v1/documents \
  -H "x-api-key: YOUR_API_KEY"
API keys work with the public API endpoints allowed by their scopes. If a required scope is missing, the request returns 403 insufficient_scope.
Do not send both a bearer token and an x-api-key header in the same request. The API rejects requests that include both.

Manage existing keys

From the API access page you can:
  • Disable a key temporarily without deleting it.
  • Re-enable a disabled key.
  • Revoke a key permanently.

Best practices

  • Name keys after the integration they power.
  • Use the shortest expiration period that fits the use case.
  • Grant only the scopes each integration needs.
  • Rotate keys periodically and remove unused keys.
  • Store keys in environment variables or a secrets manager, not in source control.