Quick Start

This guide walks you through authenticating and making your first API call to a Naburis product.

Prerequisites

Get an access token

Authenticate via OIDC to obtain a JWT access token. Start by discovering the available endpoints:
Terminal window
```
curl https://auth.naburis.cloud/.well-known/openid-configuration
```
For browser applications, use the Authorization Code + PKCE flow. For server-to-server integration, use Client Credentials or a Personal Access Token. See Authentication for full details.

Set your request headers

Every API request requires four headers:

Header	Source	Purpose
`Authorization`	OIDC token exchange	Bearer token for authentication
`X-Tenant-ID`	`urn:zitadel:iam:org:id` JWT claim	Organization scope
`X-Workspace-ID`	Your workspace ID	Workspace scope (often same as tenant)
`X-Context-ID`	Your context/graph ID	Data isolation scope

Make an API call
- Keystone
Terminal window
# Health check (no auth required) curl -s https://ks.naburis.cloud/health # Query the knowledge graph curl -X POST https://ks.naburis.cloud/sparql \ -H "Authorization: Bearer $TOKEN" \ -H "X-Tenant-ID: $TENANT_ID" \ -H "X-Workspace-ID: $WORKSPACE_ID" \ -H "X-Context-ID: $CONTEXT_ID" \ -H "Content-Type: application/sparql-query" \ -d "SELECT ?s ?p ?o WHERE { ?s ?p ?o } LIMIT 10"
Check your usage

API calls are automatically metered against your plan. Usage is visible in the Stripe customer portal.

Your access token includes platform-specific claims, injected automatically via a pre-access-token webhook:

Claim	Type	Description
Customer ID	`string`	Your customer identifier
Plan	`string`	Subscription plan tier (`free`, `pro`, `enterprise`)
Products	`string[]`	Products you have access to
Product plans	`object`	Product → plan tier mapping
`urn:zitadel:iam:org:id`	`string`	Organization (tenant) ID

These claims drive authorization, metering, and rate limiting across all products.