The API Keys page in your customer portal lets you generate and manage keys for authenticating requests to the Zentrix Agent Studio REST API. Access it from the sidebar at /api-keys.
Important: The full API key is shown only once at creation time. After you close the dialog, only the last 4 characters are visible in the key list. If you lose a key, revoke it and generate a new one.
All keys use the nas_ prefix (Zentrix Agent Studio) followed by a random alphanumeric string:
nas_7f3a9b2c1d4e5f6a7b8c9d0e1f2a3b4c
This prefix makes it easy to identify Zentrix Agent Studio keys when auditing your codebase, CI/CD pipelines, or secrets managers.
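One way to run that audit over a source checkout, as an added example (not Zentrix tooling): it reports each key-shaped string by file and line, masked to its last 4 characters so it can be matched against the Key column and revoked without the finding itself leaking the key. The 16-character minimum length, the skipped directory names and all function names are assumptions of this example.

```python
import os
import re
import tempfile

# Assumption: the page only says "nas_" plus a random alphanumeric string; the
# 16-character minimum is chosen here to skip placeholders like nas_your_api_key.
KEY_RE = re.compile(r"\bnas_[A-Za-z0-9]{16,}\b")
SKIP_DIRS = {".git", "node_modules", ".venv", "__pycache__"}  # assumed defaults

def mask(key):
    """Render a key the way the portal's Key column does: last 4 characters only."""
    return "nas_..." + key[-4:]

def scan_text(text, source="<text>"):
    """Return (source, line_number, masked_key) for every key-shaped string."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in KEY_RE.finditer(line):
            hits.append((source, lineno, mask(match.group())))
    return hits

def scan_tree(root):
    """Walk a checkout and scan every readable file, skipping VCS/vendored dirs."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="ignore") as fh:
                    hits.extend(scan_text(fh.read(), os.path.relpath(path, root)))
            except OSError:
                continue  # unreadable file: nothing to report
    return hits

def demo():
    """Constructed sample repo: one hardcoded key, one env lookup, one placeholder."""
    with tempfile.TemporaryDirectory() as repo:
        with open(os.path.join(repo, "app.py"), "w") as fh:
            fh.write('import os\nKEY = "nas_7f3a9b2c1d4e5f6a7b8c9d0e1f2a3b4c"\n'
                     'SAFE = os.environ["NEURA_API_KEY"]\n')
        with open(os.path.join(repo, "README.md"), "w") as fh:
            fh.write("Authorization: Bearer nas_your_api_key\n")
        return scan_tree(repo)

if __name__ == "__main__":
    for source, lineno, masked in demo():
        print(f"{source}:{lineno}: possible Zentrix key {masked}")
```

Any hit in committed history should be treated as a leaked key: revoke it in the portal rather than only deleting the line.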
The API Keys page displays a table of all your active keys:
| Column | Description |
|---|---|
| Label | The descriptive name you assigned when creating the key |
| Key | Masked, showing only the last 4 characters (e.g., nas_...3b4c) |
| Created | Date and time the key was generated |
| Last Used | Timestamp of the most recent API request made with this key |
| Actions | Revoke button |
To revoke an API key:
Revocation is immediate -- any API request using that key will fail with a 401 Unauthorized response from the moment you confirm. There is no grace period.
Tip: Before revoking a key that is in use, generate a new key first and update your application configuration. Then revoke the old key to avoid any downtime.
Never expose API keys in client-side code. Keys should only be used in server-side code (Node.js, Python, PHP, etc.) or secure backend services. For browser-based voice widget integration, use the Widget Token endpoint, which returns a short-lived access token that is safe to use on the client.
Store keys in environment variables. Use NEURA_API_KEY or a similar variable name. Never hardcode keys in your source code or commit them to version control.
Use separate keys for each environment. Create distinct keys for development, staging, and production. This way, revoking a compromised development key does not affect production.
Rotate keys periodically. Generate a new key, update your application, then revoke the old key. This limits the exposure window if a key is leaked.
Revoke immediately if compromised. If a key is accidentally committed to a public repository, exposed in logs, or shared insecurely, revoke it from this page immediately and generate a replacement.
API keys are SHA-256 hashed before being stored in the database. This means:
Include your API key in the Authorization header of every request:
```bash
curl -X POST https://agentstudio.brtneura.com/api/widget/token \
  -H "Authorization: Bearer nas_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"agentId": "your-agent-uuid"}'
```

See Authentication for detailed usage examples in multiple languages, and API Overview for the full list of available endpoints.
A Product by BRTNeura Technology LLP
Last updated: 2026-03-05