External Apps
Build standalone applications that interact with NoClick workflows using the TypeScript or Python SDK. Authenticate with API keys and connect via WebSocket (Socket.IO).Authentication
External apps authenticate with API keys. Keys are scoped to a user and optionally to a specific workflow.Creating an API Key
Create keys in the dashboard under Settings → Developer: name the key, optionally scope it to one workflow, and click Create. The key looks likenk_live_a1b2c3d4... and is shown once, so copy it immediately. See API keys for permissions, scoping, revocation, and the REST management endpoints.
Key Format
| Part | Example | Description |
|---|---|---|
| Prefix | nk_live_ | Identifies NoClick API keys |
| Secret | a1b2c3d4e5f6... | 64 hex characters (32 bytes) |
Permissions
| Permission | Allows |
|---|---|
read | nodes.getOutput, nodes.list, state.get, dataset.getRows, resources.list |
execute | execution.runNodesAndGetOutput, execution.runNodesInBackground |
write | nodes.setConfig, state.set, dataset.appendRows, resources.upload |
TypeScript SDK
Installation
Connection
Reading Data
Running Nodes
State Management
Real-time Subscriptions
Subscribe to node output changes from any source (cron, webhooks, manual runs):Python SDK
Installation
Connection
Reading Data
Running Nodes
State Management
Credentials
Resources (File Storage)
Dataset CRUD
Real-time Subscriptions
Security
- API keys are hashed (SHA-256) in the database. Raw keys are never stored.
- Workflow scoping: keys can be limited to a single workflow.
- Permission model:
read,execute,writepermissions control what operations are allowed. - Key revocation: keys can be revoked instantly.
- Expiration: keys can have an optional expiry date.
- Socket.IO transport: encrypted WebSocket connection. Same auth context as the browser frontend.