Your NBQ Engine API key grants full access to your configuration and usage. Treat it like a password.

Key facts

Format

Every key starts with nbq_live_ followed by a random string.

Shown once

The key is displayed only at generation. It cannot be retrieved again.

Revocable immediately

You can revoke a key instantly from the NBQ Studio API Keys area.

No automatic expiry

Keys do not expire automatically. Rotate them periodically as a best practice.

Do and do not

  • Store the key in an environment variable or secrets manager (AWS Secrets Manager, Doppler, HashiCorp Vault).
  • Rotate the key when team members with access leave.
  • Revoke the key immediately if you suspect it has been exposed.
  • Use the key server-side only — never in frontend or client-side code.

If your key is compromised

1. Revoke immediately

Go to the NBQ Studio API Keys area and click Revoke. The key stops working instantly.

2. Generate a new key

Click Generate Key to create a replacement. Copy it immediately.

3. Update your integration

Replace the old key in your environment variables or secrets manager and redeploy.

4. Review your logs

Check API usage logs for any unexpected calls made while the key was potentially exposed.

Never commit an API key to GitHub, even in a private repository. Use .gitignore to exclude .env files. If a key was ever committed, revoke it immediately — git history is permanent and may be inspected.
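
An added example, not part of the NBQ documentation: a Git pre-commit check that refuses a commit when a staged file contains a key-shaped string or is a .env file. The character set and minimum length after nbq_live_, the function names and the sample value are assumptions, since the page documents only the prefix.

```python
#!/usr/bin/env python3
import os
import re
import subprocess
import sys

# Assumption: the page documents only the "nbq_live_" prefix. The character set
# and 16-character minimum for the random part are guesses to limit false positives.
KEY_RE = re.compile(r"nbq_live_[A-Za-z0-9_-]{16,}")

# Constructed sample, not a real key.
SAMPLE = 'timeout = 30\nNBQ_API_KEY = "nbq_live_EXAMPLEexample0000"\n'

def redact(key):
    """Keep the prefix plus four characters so a report does not re-leak the key."""
    return key[:13] + "..."

def find_keys(text):
    """Return (line_number, redacted_key) for every key-shaped string in text."""
    return [(n, redact(m.group(0)))
            for n, line in enumerate(text.splitlines(), 1)
            for m in KEY_RE.finditer(line)]

def staged_files():
    """Paths added, copied or modified in the index: what the commit would contain."""
    out = subprocess.run(
        ["git", "diff", "--cached", "--name-only", "--diff-filter=ACM", "-z"],
        capture_output=True, text=True, check=True).stdout
    return [p for p in out.split("\0") if p]

def staged_text(path):
    """Staged version of the file (":path"), not the working-tree copy."""
    raw = subprocess.run(["git", "show", ":" + path],
                         capture_output=True, check=True).stdout
    return raw.decode("utf-8", errors="replace")

def main():
    findings = []
    for path in staged_files():
        if os.path.basename(path) == ".env":
            findings.append(f"{path}: .env file is staged; exclude it in .gitignore")
        for line_no, key in find_keys(staged_text(path)):
            findings.append(f"{path}:{line_no}: NBQ API key {key} found; remove it "
                            "and revoke the key if it was ever committed")
    for finding in findings:
        print(finding, file=sys.stderr)
    return 1 if findings else 0

if __name__ == "__main__":
    sys.exit(main())
```

Saved as an executable .git/hooks/pre-commit, the non-zero exit status aborts the commit before the key reaches history.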