Authentication

Everything about API keys, rate limits, and security for the Northly API.

Bearer Token Authentication

All API requests are authenticated using Bearer tokens.

Send your API key as a Bearer token in the Authorization header of every request. All requests must be made over HTTPS.

bash

curl -X GET "https://api.northlyapp.com/v1/objectives" \
  -H "Authorization: Bearer nly_live_abc123def456..."

Create and manage your API keys securely.

The API is limited to a certain number of requests per hour.

Plan	Limit
Business	1,000 requests/hour
Enterprise	5,000 requests/hour

Rate limit information is returned in the response headers:

http

HTTP/1.1 200 OK
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 997
X-RateLimit-Reset: 1709985600

The API uses standard HTTP status codes.

Code	Name	Description
`400`	Bad Request	The request was invalid or malformed.
`401`	Unauthorized	Missing or invalid API key.
`403`	Forbidden	No permission for this action.
`404`	Not Found	The requested resource was not found.
`422`	Unprocessable Entity	Validation error in the input data.
`429`	Too Many Requests	Rate limit exceeded. Try again later.
`500`	Internal Server Error	An unexpected error occurred.

400Bad Request

The request was invalid or malformed.

401Unauthorized

Missing or invalid API key.

403Forbidden

No permission for this action.

404Not Found

The requested resource was not found.

422Unprocessable Entity

Validation error in the input data.

429Too Many Requests

Rate limit exceeded. Try again later.

500Internal Server Error

An unexpected error occurred.

Example error response:

json

{
  "error": {
    "code": "unauthorized",
    "message": "Invalid or expired API key",
    "status": 401
  }
}

Best practices for securely handling API keys.

Start free with Northly — the Outcome OS that combines AI coaching, Strategy Maps, and contextual check-ins. No credit card. No compliance headache.