API Authentication

Authenticate your API requests with NordicCDN.


Overview

The NordicCDN API uses token-based authentication. All API requests must include a valid API token in the request headers.


Creating an API Token

From Dashboard

  1. Log in to your NordicCDN dashboard
  2. Click your profile icon (top right)
  3. Select "API Tokens"
  4. Click "Create Token"
  5. Enter a name for the token
  6. Select permissions (optional)
  7. Click "Create"

Warning: Copy your token immediately. For security, tokens are only shown once.


Using Your Token

Include your API token in the Authorization header:

curl "https://nordiccdn.com/api/v1/zones" \
  -H "Authorization: Bearer YOUR_API_TOKEN"

Header Format

Authorization: Bearer YOUR_API_TOKEN

Token Permissions

Tokens can be scoped to specific permissions:

Permission       Description
zones:read       List and view zones
zones:write      Create, update, delete zones
purge            Purge cache
analytics:read   View analytics data
settings:write   Modify zone settings

Full Access Token

Leave permissions empty for full access to your account.

Limited Token Example

Create a token that can only purge cache:

  • Permissions: purge only
  • Use for: CI/CD pipelines, automated deployments

API Base URL

All API requests use this base URL:

https://nordiccdn.com/api/v1

Request Format

Headers

All requests should include:

Authorization: Bearer YOUR_API_TOKEN
Content-Type: application/json
Accept: application/json

Request Body

For POST/PUT/PATCH requests, send JSON:

curl -X POST "https://nordiccdn.com/api/v1/zones" \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"origin_url": "https://example.com"}'

Response Format

All responses are JSON:

Success Response

{
  "data": {
    "uuid": "abc123",
    "origin_url": "https://example.com",
    "cdn_hostname": "abc123.cdn.nordiccdn.com"
  }
}

List Response

{
  "data": [
    {"uuid": "abc123", "origin_url": "https://example.com"},
    {"uuid": "def456", "origin_url": "https://other.com"}
  ],
  "meta": {
    "current_page": 1,
    "total": 25,
    "per_page": 15
  }
}

Error Response

{
  "message": "The given data was invalid.",
  "errors": {
    "origin_url": ["The origin url field is required."]
  }
}

Rate Limiting

API requests are rate limited:

Endpoint Type             Limit
Read (GET)                60 requests/minute
Write (POST/PUT/DELETE)   30 requests/minute
Purge                     10 requests/minute

Rate Limit Headers

Responses include rate limit information:

X-RateLimit-Limit: 60
X-RateLimit-Remaining: 45
X-RateLimit-Reset: 1640995200

When Rate Limited

If you exceed the limit, you'll receive:

HTTP 429 Too Many Requests

Wait until the time given in the X-RateLimit-Reset header before retrying.


Security Best Practices

1. Keep Tokens Secret

  • Never commit tokens to version control
  • Use environment variables
  • Don't expose tokens in client-side code

# Good: Use environment variable
export NORDICCDN_TOKEN="your-token"
curl -H "Authorization: Bearer $NORDICCDN_TOKEN" ...
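
Added example (not NordicCDN's own code): a small Bash wrapper that combines the environment-variable advice above with the 429 handling described under "When Rate Limited". It hands the token to curl through a config read on stdin, so the token is not part of curl's argument list, and waits for X-RateLimit-Reset before a single retry. Assumptions: X-RateLimit-Reset is Unix epoch seconds (consistent with the sample value 1640995200), the token contains no double quotes or backslashes, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not NordicCDN code. Function names are hypothetical.
# Assumption: X-RateLimit-Reset holds Unix epoch seconds.

# Print seconds to wait, given a response-header file and the current epoch.
# Prints 0 if the reset value is missing, non-numeric, or already in the past.
ratelimit_wait_seconds() {
  local headers_file="$1" now="$2" reset
  reset=$(tr -d '\r' < "$headers_file" |
    awk -F': *' 'tolower($1) == "x-ratelimit-reset" { print $2; exit }')
  case $reset in
    ''|*[!0-9]*) echo 0; return 0 ;;  # do not sleep on an untrusted value
  esac
  if [ "$reset" -gt "$now" ]; then echo $((reset - now)); else echo 0; fi
}

# Print the status code of the final response in a curl header dump.
http_status() {
  tr -d '\r' < "$1" | awk '/^HTTP\// { code = $2 } END { print code }'
}

# GET a path under the API base URL; on 429, wait for the reset and retry once.
# Usage: ncdn_get /zones
ncdn_get() {
  local path="$1" hdrs body attempt
  if [ -z "${NORDICCDN_TOKEN:-}" ]; then
    echo "NORDICCDN_TOKEN is not set" >&2
    return 2
  fi
  hdrs=$(mktemp) || return 1
  for attempt in 1 2; do
    # The Authorization header goes to curl via a config on stdin, so the
    # token is never part of curl's argument list (visible in `ps` output).
    body=$(printf 'header = "Authorization: Bearer %s"\n' "$NORDICCDN_TOKEN" |
      curl --silent --config - --dump-header "$hdrs" \
        --header "Accept: application/json" \
        "https://nordiccdn.com/api/v1$path") || { rm -f "$hdrs"; return 1; }
    if [ "$(http_status "$hdrs")" != "429" ]; then
      rm -f "$hdrs"
      printf '%s\n' "$body"
      return 0
    fi
    sleep "$(ratelimit_wait_seconds "$hdrs" "$(date +%s)")"
  done
  rm -f "$hdrs"
  return 1
}
```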

2. Use Minimum Permissions

Create tokens with only the permissions needed:

  • Deployment script: purge only
  • Monitoring tool: analytics:read only
  • Admin dashboard: full access

3. Rotate Tokens Regularly

Delete and recreate tokens periodically, especially after team changes.

4. Monitor Token Usage

Check API logs for unusual activity:

  • Unexpected endpoints being accessed
  • Requests from unknown IPs
  • High request volumes

Revoking Tokens

From Dashboard

  1. Go to "API Tokens"
  2. Find the token to revoke
  3. Click the delete icon
  4. Confirm revocation

Revoked tokens are immediately invalidated.


SDK Libraries

PHP

use NordicCDN\Client;

$client = new Client('YOUR_API_TOKEN');
$zones = $client->zones()->list();

JavaScript/Node.js

import { NordicCDN } from 'nordiccdn';

const client = new NordicCDN('YOUR_API_TOKEN');
const zones = await client.zones.list();

Contact support for official SDK availability.


Testing Authentication

Verify your token works:

curl "https://nordiccdn.com/api/v1/user" \
  -H "Authorization: Bearer YOUR_API_TOKEN"

Success response:

{
  "data": {
    "id": 123,
    "name": "Your Name",
    "email": "you@example.com"
  }
}

Invalid token response:

{
  "message": "Unauthenticated."
}