API Access

Nexaa provides a secure and flexible way to authenticate against its API using API users. This guide explains how to create and manage API credentials for automation and integration purposes.


Overview

Nexaa APIs are accessible via token-based authentication tied to API users. These users are separate from your login credentials and are intended for use in CI/CD pipelines, infrastructure automation, or application integrations.


Creating an API User

To generate API credentials:

  1. Log in to the Nexaa portal
  2. Open your account panel by clicking on your user
  3. In the sidebar, go to My Profile
  4. Go to users, click on Details
  5. Click "Add User"
  6. Provide:
    • A first name to identify the user (e.g. "CI pipeline", "Ansible", etc.)
    • A last name to identify the user
    • An e-mail address, required for security notifications and recovery
    • A password to get API credentials
    • A role: select API account
  7. Click Save

After creation, you’ll need to verify the API account.

Make sure to store the secret securely. It will only be shown once.


Authenticating with the API

To authenticate with the Nexaa API, use your API credentials to obtain a bearer token:

curl --request POST \
  --url https://auth.tilaa.com/realms/tilaa/protocol/openid-connect/token \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data client_id=cloud-tilaa \
  --data grant_type=password \
  --data-urlencode 'username={{username}}' \
  --data-urlencode 'password={{password}}'

This will return a JSON response like:

{
  "access_token": "your-access-token",
  "expires_in": 3600,
  "token_type": "Bearer"
}

Use the token in your API requests:

curl https://graphql.tilaa.com/ \
  -H "Authorization: Bearer your-access-token"
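
For automation, the token exchange above can be wrapped so that the credentials come from the environment and the token is reused until shortly before `expires_in` runs out. This is an added example, not Nexaa's own client code; the environment variable names `NEXAA_API_USERNAME` and `NEXAA_API_PASSWORD`, the `TokenSource` class and the 60-second refresh margin are assumptions.

```python
import json
import os
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://auth.tilaa.com/realms/tilaa/protocol/openid-connect/token"
CLIENT_ID = "cloud-tilaa"


def build_token_request(username, password):
    """Build the password-grant POST; urlencode() escapes &, + and % in secrets."""
    body = urllib.parse.urlencode({
        "client_id": CLIENT_ID, "grant_type": "password",
        "username": username, "password": password,
    }).encode()
    return urllib.request.Request(TOKEN_URL, data=body, method="POST", headers={
        "Content-Type": "application/x-www-form-urlencoded"})


def parse_token_response(raw, now):
    """Return (token, refresh_at); reject anything that is not a Bearer token."""
    doc = json.loads(raw)
    if doc.get("token_type", "").lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("unexpected token response")
    # Refresh 60 s early (assumed margin) so a request never carries a stale token.
    return doc["access_token"], now + max(int(doc["expires_in"]) - 60, 0)


class TokenSource:
    """Caches the bearer token and re-authenticates only once it is near expiry."""
    def __init__(self, fetch=None, clock=time.time):
        self._fetch = fetch or self._fetch_from_env
        self._clock = clock
        self._token, self._refresh_at = None, 0.0

    @staticmethod
    def _fetch_from_env():
        # Hypothetical variable names; inject them from the CI secret store.
        req = build_token_request(os.environ["NEXAA_API_USERNAME"],
                                  os.environ["NEXAA_API_PASSWORD"])
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.read()

    def auth_header(self):
        if self._token is None or self._clock() >= self._refresh_at:
            self._token, self._refresh_at = parse_token_response(
                self._fetch(), self._clock())
        return {"Authorization": f"Bearer {self._token}"}
```

Pass `TokenSource().auth_header()` as the headers of each request to the API; an error response from the token endpoint raises `ValueError` instead of yielding an empty bearer header.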

API User Permissions

API users have permission to manage services but not billing information. Fine-grained access controls will be available in future releases.

Best Practices

  • Treat the password with care: do not commit it to version control.
  • Use an email alias or monitored address for security alerts.
  • Rotate credentials periodically.
  • Revoke unused API users via the portal when no longer needed.

What's Next?