API keys start with
nb_ and are 48 characters long. Generate them in your dashboard under Profile → API Keys.Getting Your API Key
- Log in to elumenta.ru/web
- Go to Profile → API Keys
- Click + Generate New Key
- Give it a name (e.g.
my-app-production) - Copy and save the key immediately — it won’t be shown again
Web Auth (for building user-facing apps)
If you’re building an application where end-users authenticate with their Elumenta account, use the standard web auth flow instead of API keys.Telegram Login
Email / Password
Phone / Password
For users registered via SMS (Russian phone numbers):Phone numbers must be in E.164 format (
+7XXXXXXXXXX for Russian numbers). The web interface auto-detects whether you’re entering an email or phone and routes to the appropriate endpoint.Google OAuth
Token Refresh
Access tokens expire after 15 minutes. Use the refresh token (stored as an httpOnly cookie) to get a new one:Security Best Practices
Never expose keys in client-side code
Never expose keys in client-side code
API keys should only be used server-side. If you need to call the API from a browser or mobile app, build a proxy endpoint on your server that adds the key before forwarding the request.
Use environment variables
Use environment variables
Store your API key in environment variables, never hardcode it:
Rotate keys regularly
Rotate keys regularly
You can generate multiple keys and delete old ones. Each key appears as a separate entry in your dashboard with its last-used timestamp.
Rate limits apply per key
Rate limits apply per key
Each API key shares the rate limits of your subscription plan. If you’re building a multi-tenant app, consider one key per customer (contact support for high-volume arrangements).
Error Responses
| HTTP Code | Error | Meaning |
|---|---|---|
401 | Not authenticated | Missing or malformed Authorization header |
401 | Invalid or expired token | Token is wrong or has expired |
403 | Insufficient plan | API access requires VIP or Elite plan |
429 | Rate limit exceeded | Too many requests, see Rate Limits |

