Authentication
Any call to the Nuclia API must be authorized.
It can be done in two different ways.
Using API key authentication
API key authentication is the recommended way to authenticate your calls to the Nuclia API. These keys are managed from your Nuclia account, they are valid for one year and can be revoked at any time.
Depending on the endpoint you are calling, you will need different types of keys.
Knowledge Box API key
When calling a Knowledge Box endpoint (typically, to create a resource, or perform a search query), you will need to use the X-NUCLIA-SERVICEACCOUNT header:
X-NUCLIA-SERVICEACCOUNT: Bearer <api-key>
The API key can be obtained from the Nuclia Dashboard: in your Nuclia Knowledge Box home page, click on Settings in the side navigation bar, then API keys.
Account API key
When calling an account endpoint (typically, the Nuclia Understanding API, or creating a new Knowledge Box), you will need to use the X-NUCLIA-NUAKEY header:
X-NUCLIA-NUAKEY: Bearer <api-key>
Using user authentication
User authentication is done by providing a valid user bearer token in the Authorization header:
Authorization: Bearer <token>
This token is obtained by calling the /auth/login endpoint with a valid username and password.
This method is meant to be used from the Nuclia frontend applications but if you need it for testing purpose, you can obtain a token by going to https://nuclia.cloud/redirect?display=token.
The token is valid for 6 hours.
SAML
If your organization uses SAML for authentication, you can declare your SAML identity provider in the Nuclia Dashboard:
- go to Manage Account in the user menu in the top-right corner
- click on Account in the side navigation bar
- enter the Domain, Entity id, Single Sign-On URL and X.509 certificate of your SAML identity provider in the SAML section.
Once this is done, in the login page of the Nuclia Dashboard, users will see a Use Single Sign-On button.
If you are using Google Worskpace, the typical configuration would be:
