Every request to the Plinth API must include your API key as a Bearer token.
curl https://api.useplinth.com/v1/customers \
-H "Authorization: Bearer sk_test_YOUR_KEY"
Key types
| Key prefix | Mode | Notes |
|---|
sk_test_ | Sandbox | No real money. Use in development and staging. |
sk_live_ | Production | Real money. Requires a verified Nomba business account. |
Test and live keys are completely separate. A test key never touches live data, and live keys don’t have access to sandbox resources.
Getting a key
Get your API key from the dashboard. Live keys require KYC completion on your Nomba account.
Invalid key response
If you send an invalid or expired key, you get:
{
"error": "unauthorized",
"message": "Invalid API key.",
"status": 401
}
All other errors return 4xx or 5xx with the same error + message + status shape.
SDK initialisation
import { Plinth } from '@nomba/sdk';
const client = new Plinth({
apiKey: process.env.NOMBA_API_KEY!,
});
Never log or commit API keys. Use environment variables. If a key is compromised, rotate it immediately from the dashboard — the old key is invalidated instantly.