Skip to main content

Authentication

All Nevatal API endpoints require authentication via API keys. Your API key identifies your clinic and determines the scope of data you can access.

Getting your API key

  1. Log into your Nevatal dashboard at app.nevatal.com
  2. Navigate to Settings → API Keys
  3. Click Create API Key
  4. Select the scopes (permissions) your integration needs
  5. Copy and securely store the generated key
API keys are shown only once at creation time. Store them securely. If you lose a key, revoke it and create a new one.

Using your API key

Include the API key as a Bearer token in the Authorization header of every request:

Scopes

API keys are scoped to specific modules. When creating a key, you select which modules it can access:

Key management

Revoking a key

Listing active keys

Security best practices

API keys should only be used in server-to-server communication. Never include them in frontend JavaScript, mobile apps, or public repositories.
Only grant the scopes your integration actually needs. A billing integration doesn’t need EMR access.
Create new keys periodically and revoke old ones. This limits the impact of a compromised key.
Store API keys in environment variables or a secrets manager, never hardcoded in source files.