Skip to content

API Keys

API keys let scripts, CI pipelines and AI tools use the NSIN API with your account’s permissions — no browser login required. Every key acts as you: domains you own and domains shared with you (with their member roles) are accessible exactly as in the panel.

  1. Open the panel and click your avatar → SettingsAPI keys.
  2. Click Create key, give it a descriptive name (e.g. CI deploy, monitoring).
  3. Pick an expiry (never / 30 / 90 / 365 days) and whether the key is read-only.
  4. Copy the key immediately.

Keys look like this:

nsin_a1b2c3d4e5f6… (69 characters)
ModeWhat it can do
Full accessEverything your account can do on the allowed API surface — manage records, rules, cache, SSL.
Read-onlyGET requests only: list domains and records, read analytics, SSL status and cache rules.

Domain-level roles still apply on top: a key belonging to a user with the Viewer role on a shared domain cannot edit that domain’s records even with a full-access key.

Send the key in either header:

Terminal window
# Authorization header (also used by MCP clients)
curl -H "Authorization: Bearer nsin_your_key_here" https://api.nsin.ir/domains/
# Or the X-Api-Key header
curl -H "X-Api-Key: nsin_your_key_here" https://api.nsin.ir/domains/
  • Rate limit: 300 requests per minute per key. Exceeding it returns 429.
  • Blocked surfaces: keys cannot call account (/users/…), billing (/billing/…), admin or auth endpoints. Keys can never create or revoke keys.
  • Cap: up to 10 active keys per account.

The API keys tab shows each key’s last-used time and a 30-day request chart, so you can spot unused or unexpectedly busy keys. Revoking a key takes effect immediately — in-flight and future requests get 401.