Authentication
All API requests require an API key.
API keys
API keys are prefixed with nbk_ and look like:
nbk_a855d00c08bcc5baaa5fa1581245973b6491d95ffb4991dc
Get your API key from the dashboard.
Sending your key
Pass your API key in the Authorization header:
curl https://tunnel.nullbore.com/v1/tunnels \
-H "Authorization: Bearer nbk_your_key"
Or as a query parameter (useful for WebSocket connections):
wss://tunnel.nullbore.com/ws/control?tunnel_id=X&api_key=nbk_your_key
Key limits
| Plan | API Keys |
|---|---|
| Free | 1 |
| Hobby | 3 |
| Pro | 10 |
Unauthenticated endpoints
These endpoints don't require authentication:
GET /health— server health checkGET /t/{slug}— tunnel proxy (public by design)GET *.tunnel.nullbore.com— subdomain tunnel proxy
Errors
// Missing or invalid key
HTTP 401
{"error": "unauthorized"}
// Rate limited
HTTP 429
{"error": "rate limit exceeded"}