Authentication
All Nohuman AI API requests require authentication via API keys. This guide covers creating, using, and managing your API keys securely.
# Creating API Keys
API keys are created and managed from your dashboard. Each key is prefixed with nh_ for easy identification.
Navigate to Dashboard > API Keys
Click "Create New Key" and provide a descriptive name
Copy the key immediately - it will only be shown once
Store the key securely in your environment variables
# Using API Keys
Include your API key in the Authorization header as a Bearer token with every request.
curl -X POST https:"code-comment">//api.nohuman.studio/v1/videos/generate \
-H "Authorization: Bearer nh_your_api_key_here" \
-H "Content-Type: application/json" \
-d '{"prompt": "A sunset over the ocean", "duration": 5, "aspect_ratio": "16:9"}'# Environment Variables
Never hardcode API keys in source code. Use environment variables instead.
"code-comment"># .env or .env.local
NOHUMAN_API_KEY=nh_your_api_key_here# API Key Best Practices
Use environment variables
Never hardcode keys in source files or commit them to version control.
Create separate keys per environment
Use different keys for development, staging, and production.
Rotate keys periodically
Regenerate keys on a regular schedule and after any potential exposure.
Use descriptive names
Name keys by their purpose (e.g., "prod-backend", "dev-testing").
Restrict permissions
Grant only the minimum required permissions for each key.
Monitor usage
Review API key usage in the dashboard to detect anomalous activity.
# Rate Limiting Behavior
When you exceed your rate limit, the API returns a 429 Too Many Requests response. Implement exponential backoff in your client to handle this gracefully.
HTTP/1.1 429 Too Many Requests
Content-Type: application/json
Retry-After: 2
X-RateLimit-Limit: 5
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 1710672000
{
"error": {
"code": "rate_limit_exceeded",
"message": "Too many concurrent requests. Please retry after 2 seconds.",
"status": 429
}
}Handling Rate Limits
import time
import requests
def make_request_with_retry(url, headers, json, max_retries=3):
for attempt in range(max_retries):
response = requests.post(url, headers=headers, json=json)
if response.status_code == 429:
retry_after = int(response.headers.get(class="code-string">"Retry-After", 2))
print(fclass="code-string">"Rate limited. Retrying in {retry_after}s...")
time.sleep(retry_after)
continue
return response
raise Exception(class="code-string">"Max retries exceeded")# Authentication Errors
| Status | Code | Description |
|---|---|---|
| 401 | missing_api_key | No Authorization header provided |
| 401 | invalid_api_key | API key is malformed or revoked |
| 403 | insufficient_permissions | Key lacks permission for this endpoint |
| 402 | insufficient_credits | Account has insufficient credits |
SYS :: authentication :: security reference