Overview

The Nextoria Hub REST API uses API key authentication for server-to-server integrations and OAuth 2.0 for user-delegated access. All API requests must be made over HTTPS. Base URL:
https://api.nextoriahub.com/v1

API Keys

API keys are the recommended authentication method for server-side integrations (webhooks, automation, data exports).

Generating an API Key

  1. Go to Settings → API → New API Key
  2. Give the key a descriptive name (e.g. “Zapier Integration”)
  3. Select scopes (see Scopes below)
  4. Copy the generated key — it is shown only once

Using Your API Key

Pass your API key as a Bearer token in the Authorization header:
curl https://api.nextoriahub.com/v1/projects \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json"

Scopes

| Scope | Description |
| --- | --- |
| projects:read | List and read project data |
| projects:write | Create, update, and delete projects |
| tasks:read | Read task data across projects |
| tasks:write | Create and update tasks |
| clients:read | Read client records |
| clients:write | Create and manage client records |
| invoices:read | Read invoice data |
| invoices:write | Create, send, and void invoices |
| files:read | Read file metadata and download URLs |
| analytics:read | Read analytics and reporting data |

API keys have access to your entire workspace within their granted scopes. Treat them like passwords — never commit them to source control or share them publicly.

OAuth 2.0

For user-facing integrations (e.g. allowing a third-party app to act on behalf of a specific Nextoria Hub user), use the OAuth 2.0 Authorization Code flow.

Application Registration

Register your OAuth application at Settings → API → OAuth Applications → Register App:

| Field | Description |
| --- | --- |
| App Name | Display name shown on the consent screen |
| Redirect URI | Where to send the user after authorization |
| Logo | Optional — shown on the consent screen |

After registration, you’ll receive a client_id and client_secret.

Authorization Flow

Step 1: Redirect the user to the authorization endpoint:
GET https://app.nextoriahub.com/oauth/authorize
  ?client_id=YOUR_CLIENT_ID
  &redirect_uri=https://yourapp.com/callback
  &response_type=code
  &scope=projects:read+tasks:read
  &state=RANDOM_STATE_STRING
Step 2: Exchange the authorization code for a token:
POST https://api.nextoriahub.com/v1/oauth/token
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code
&code=AUTHORIZATION_CODE
&redirect_uri=https://yourapp.com/callback
&client_id=YOUR_CLIENT_ID
&client_secret=YOUR_CLIENT_SECRET
Response:
{
  "access_token": "eyJ...",
  "token_type": "Bearer",
  "expires_in": 3600,
  "refresh_token": "dGh...",
  "scope": "projects:read tasks:read"
}
Step 3: Use the access token in API requests:
curl https://api.nextoriahub.com/v1/projects \
  -H "Authorization: Bearer ACCESS_TOKEN"
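
The steps above pass a `state` value in Step 1 but leave its generation and checking to the integrator. The following Python code is an added example, not part of Nextoria Hub's documentation or SDK: it binds a random `state` to the user's session, rejects a callback whose `state` does not match, and builds the Step 2 form body. The function names and the `session` dict (standing in for server-side session storage) are assumptions.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORIZE_URL = "https://app.nextoriahub.com/oauth/authorize"  # from the page
TOKEN_URL = "https://api.nextoriahub.com/v1/oauth/token"       # from the page


def build_authorize_url(client_id, redirect_uri, scopes, session):
    """Step 1: create a one-time state value and bind it to this session."""
    state = secrets.token_urlsafe(32)          # unguessable, URL-safe
    session["oauth_state"] = state             # hypothetical session store
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": " ".join(scopes),             # space is encoded as '+'
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}"


def handle_callback(callback_url, session):
    """Check the redirect before using the code; return the code."""
    params = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)   # single use: remove it now
    received = params.get("state", [""])[0]
    # Constant-time comparison on bytes (str input must be ASCII-only).
    if not expected or not hmac.compare_digest(expected.encode(),
                                               received.encode()):
        raise ValueError("state mismatch: discard this callback")
    if len(params.get("code", [])) != 1:
        raise ValueError("missing or duplicated code parameter")
    return params["code"][0]


def token_request_body(code, client_id, client_secret, redirect_uri):
    """Step 2: form body for the POST to TOKEN_URL; build it server side only."""
    return urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,   # same value as in Step 1
        "client_id": client_id,
        "client_secret": client_secret,
    })
```

Send the body from `token_request_body` with `Content-Type: application/x-www-form-urlencoded`, and keep `client_secret` out of browser or mobile code.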

Rate Limits

| Plan | Requests per minute | Burst limit |
| --- | --- | --- |
| Starter | 60 | 100 |
| Growth | 300 | 500 |
| Scale | 1,000 | 2,000 |

Exceeding the rate limit returns a 429 Too Many Requests response with a Retry-After header indicating when to retry.

Error Responses

All API errors follow a consistent format:
{
  "error": {
    "code": "RESOURCE_NOT_FOUND",
    "message": "Project with ID proj_abc123 was not found.",
    "status": 404
  }
}

| HTTP Status | Code | Description |
| --- | --- | --- |
| 400 | BAD_REQUEST | Invalid request parameters |
| 401 | UNAUTHORIZED | Missing or invalid API key |
| 403 | FORBIDDEN | Valid key but insufficient scope |
| 404 | NOT_FOUND | Resource does not exist |
| 422 | UNPROCESSABLE | Validation errors |
| 429 | RATE_LIMITED | Too many requests |
| 500 | INTERNAL_ERROR | Server error (report to support) |