Developer docs

Explore API patterns with language-specific guides

Search across endpoints, swap languages on the fly, and copy production-ready code samples with environment-aware variables.

Tip

Use ⌘K to open the command palette and jump to endpoints faster than scrolling.

Domain filters

Narrow by API surface area or product capability.

Report an issue
Surface inconsistencies or request new samples for your stack.
Open escalation form
No endpoints found.
Authentication

Create a session token

/v1/auth/sessions

Billing

Create an invoice in draft

/v1/billing/invoices

Webhooks

Resend a webhook event

/v1/webhooks/events/{event_id}/retry

Create a session token
Exchange a one-time code for a reusable session token with optional MFA challenge.
POST/v1/auth/sessions
OAuthMFA
Snippets auto-inject your environment variables on copy.

Simple request using the PKCE verifier and auth code returned from /authorize.

curl https://api.nextbase.com/v1/auth/sessions   -X POST   -H "Content-Type: application/json"   -H "X-Client-Id: $NEXTBASE_CLIENT_ID"   -d '{
    "grant_type": "authorization_code",
    "code": "$AUTH_CODE",
    "code_verifier": "$PKCE_VERIFIER"
  }'

Session tokens expire after 60 minutes. Refresh tokens remain valid for 30 days or until revoked.

  • Include the `X-Tenant-Id` header when using multi-tenant workspaces.
  • Use the /mfa/challenge endpoint if the response includes `mfa_required=true`.

References

  • OAuth quick start
  • MFA challenge endpoint
Open Postman collection

Search endpoints

Filter by endpoint, action, or domain