User sessions (JWT)
POST /auth/login
{
"email": "[email protected]",
"password": "…"
}
→ { "token": "eyJ…", "user": { … }, "workspace": { … } }The returned token is good for 15 minutes. Refresh by re-logging or via your session cookie. Pass it as Authorization: Bearer <token>.
API keys
Settings → API keys → + Create. The raw key is shown once— store it in your secrets manager. Format: 1nc_live_<random>.
example request
curl https://api.novusflow.tech/contacts \ -H "Authorization: Bearer 1nc_live_4f9a…"
Key roles
- VIEWER — read-only. Starter and above.
- MEMBER — write contacts, templates, automations. Growth and Pro.
- ADMIN — workspace settings + member invites. Growth and Pro.
- OWNER — only assignable via Membership; can't be minted as an API key.
Revoking
Settings → API keys → revoke. Revocations take effect within ~10s across all API nodes.