Authentication

How Nosmai keys work, and why your secret keys never need to ship inside a mobile app.

Key types

| Prefix | Use | Environment |
| --- | --- | --- |
| nsk_test_ | Development & testing | Watermarked / sandbox |
| nsk_live_ | Production traffic | Billed, full quota |

Web & server

On the web or a server you control, pass the key directly when constructing the client. Store it in an environment variable and never commit it to source control.

const nosmai = new Nosmai(process.env.NOSMAI_KEY)
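
An added example (not Nosmai's own code) of two checks that follow from the guidance above: a startup guard that reads NOSMAI_KEY from the environment and rejects a key type that does not match the deployment, and a scan for key literals pasted into source. The function names, the "production" mode string and the key body pattern (16 or more alphanumerics after the prefix) are assumptions, and the sample keys are constructed.

```javascript
// Added example: names, the "production" mode string and the key-body pattern are assumptions.
const PREFIXES = { nsk_test_: 'test', nsk_live_: 'live' }; // prefixes from the key table

// Assumed body: 16+ alphanumerics after the prefix (the docs only specify the prefix).
const KEY_LITERAL = /\bnsk_(?:test|live)_[A-Za-z0-9]{16,}\b/g;

// Keep the prefix and last 4 characters so a key can be identified without being disclosed.
function redact(key) {
  const prefix = Object.keys(PREFIXES).find((p) => key.startsWith(p)) || '';
  return `${prefix}...${key.slice(-4)}`;
}

// Read the key from the environment and refuse a key type that does not match the deployment.
function loadKey(env, mode) {
  const key = env.NOSMAI_KEY;
  if (!key) throw new Error('NOSMAI_KEY is not set');
  const prefix = Object.keys(PREFIXES).find((p) => key.startsWith(p));
  if (!prefix) throw new Error('NOSMAI_KEY has an unrecognised prefix');
  const kind = PREFIXES[prefix];
  const wanted = mode === 'production' ? 'live' : 'test';
  if (kind !== wanted) {
    throw new Error(`${kind} key ${redact(key)} used in ${mode}; expected a ${wanted} key`);
  }
  return { key, kind, redacted: redact(key) };
}

// Scan file contents (path -> text) for key literals that were pasted into source.
function findCommittedKeys(files) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    text.split('\n').forEach((line, i) => {
      for (const m of line.matchAll(KEY_LITERAL)) {
        const kind = m[0].startsWith('nsk_live_') ? 'live' : 'test';
        findings.push({ path, line: i + 1, kind, redacted: redact(m[0]) });
      }
    });
  }
  return findings;
}

// Constructed sample input: these keys are made up for the example.
const SAMPLE_FILES = {
  'src/client.js': 'const nosmai = new Nosmai(process.env.NOSMAI_KEY)\n',
  'src/legacy.js': '// TODO remove\nconst nosmai = new Nosmai("nsk_live_EXAMPLEexample0000abcd")\n',
};
console.log(findCommittedKeys(SAMPLE_FILES));
```

A key reported by the scan should be treated as exposed and replaced using the rotation steps on this page.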

Mobile binaries can be decompiled, so the iOS and Android SDKs authenticate with a public app ID instead of a secret. The SDK exchanges it for a short-lived token, and your secret provider keys stay on the Nosmai edge proxy.

import NosmaiSDK

Nosmai.configure(appId: "app_8f3a...")

NOTE

Manage keys, rotate them, and set per-key environments under API keys in the dashboard.

Rotating keys

Create a new key, deploy it, then revoke the old one. There is no downtime, because both keys work during the overlap. Revoked keys stop authenticating immediately.

© 2026 nosmai, inc · all rights reserved