Authentication

All Zentrix Agent Studio API requests require authentication via an API key. Keys are scoped to your account and grant access to all agents and instances under your profile.

Generating an API Key

Sign in to your account and navigate to the API Keys page in the customer portal.
Click Generate New Key.
Give your key a descriptive label (e.g., "Production Website", "Staging Server").
Your new API key is displayed once. Copy it immediately and store it securely.

Info

Important: The full API key is shown only at creation time. After you close the dialog, only the last 4 characters are visible in the dashboard. If you lose a key, revoke it and generate a new one.

Key Format

All Zentrix Agent Studio API keys use the nas_ prefix followed by a random alphanumeric string:

nas_7f3a9b2c1d4e5f6a7b8c9d0e1f2a3b4c

The prefix makes it easy to identify Zentrix Agent Studio keys in your codebase and secrets managers. Keys are SHA-256 hashed before storage in the database -- even our team cannot see your full key.

Using Your API Key

Include the key in the Authorization header of every API request using the Bearer scheme:

bash

curl -X POST https://agentstudio.brtneura.com/api/widget/token \
  -H "Authorization: Bearer nas_7f3a9b2c1d4e5f6a7b8c9d0e1f2a3b4c" \
  -H "Content-Type: application/json" \
  -d '{"agentId": "your-agent-uuid"}'

In JavaScript:

javascript

const response = await fetch('https://agentstudio.brtneura.com/api/widget/token', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer nas_7f3a9b2c1d4e5f6a7b8c9d0e1f2a3b4c',
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({ agentId: 'your-agent-uuid' }),
});

if (!response.ok) {
  throw new Error(`API error: ${response.status}`);
}

const data = await response.json();

Error Responses

If authentication fails, the API returns a 401 Unauthorized response:

json

{
  "error": "Invalid API key",
  "code": "UNAUTHORIZED"
}

Common causes:

Missing header -- The Authorization header was not included in the request.
Wrong prefix -- The key does not start with nas_.
Revoked key -- The key was revoked from the dashboard.
Expired account -- Your subscription or trial has expired. Reactivate to restore API access.

Managing Keys

From the API Keys page you can:

View active keys -- See all keys with their labels, creation dates, and last-4-character identifiers.
Revoke a key -- Click the revoke button next to any key. Revocation is immediate -- any request using that key will fail instantly.
Generate new keys -- There is no limit on how many keys you can create. Use separate keys for different environments (development, staging, production).

Tip

Tip: Rotate your API keys periodically. Generate a new key, update your application to use it, then revoke the old key. This minimizes exposure if a key is accidentally leaked.

Security Best Practices

Never expose keys in client-side code. API keys should only be used in server-side code or secure backend services. The Widget Token endpoint returns a short-lived access token that is safe to use in the browser.
Use environment variables to store keys (NEURA_API_KEY or similar). Never commit keys to version control.
Use separate keys for development and production environments.
Revoke immediately if a key is accidentally committed to a public repository or shared insecurely.

A Product by BRTNeura Technology LLP

← Previous

API Overview

Widget Token Endpoint

Last updated: 2026-03-05