Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.nzochain.com/llms.txt

Use this file to discover all available pages before exploring further.

Every request to the NZOChain API must include a valid API key. Authentication uses the standard HTTP bearer token scheme — you pass your key in the Authorization header of each request. There are no cookies, sessions, or OAuth flows to set up.

Getting your API key

  1. Log in to the NZOChain dashboard.
  2. Go to Settings → API Keys.
  3. Click Generate new key and copy the value immediately — it is only shown once.
If you lose your key, you can revoke it and generate a new one from the same page.

Passing your API key

Include your key as a bearer token in the Authorization header on every request: 
curl -X POST https://api.nzochain.com/v1/api/risk/scan \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"wallet": "0x742d35Cc6634C0532925a3b8D4C9B5e55d7b1234"}'

Code examples

curl -X POST https://api.nzochain.com/v1/api/risk/scan \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"wallet": "0x742d35Cc6634C0532925a3b8D4C9B5e55d7b1234"}'

Authentication errors

HTTP statusCauseResolution
401 UnauthorizedAPI key is missing, malformed, or has been revokedCheck that your Authorization header is present and formatted as Bearer YOUR_API_KEY
403 ForbiddenKey is valid but your plan does not include this endpointUpgrade your plan or check endpoint availability in the API Overview

Security best practices

  • Use environment variables. Store your API key in an environment variable (e.g., NZOCHAIN_API_KEY) and read it at runtime. Never hard-code it in your source files.
  • Keep keys server-side. Never include your API key in client-side JavaScript, mobile app bundles, or any code that is shipped to end users.
  • Rotate keys periodically. Regenerate your API key on a regular schedule and immediately after any suspected exposure.
  • Use separate keys per environment. Generate distinct keys for development, staging, and production so you can revoke one without affecting the others.
Never commit your API key to source control. If a key is accidentally committed, revoke it immediately from the NZOChain dashboard and generate a replacement. Treat any exposed key as compromised.