Every request to the Nestri API must carry a valid Bearer token in the Authorization header. Tokens are JWTs issued after you authenticate through the Nestri web app. Steam-specific endpoints additionally accept an x-nestri-steam header that scopes the request to a particular linked Steam account.

Bearer token

Obtain your token by signing in at nestri.io. Once authenticated, copy your JWT from the account settings or developer section. Include the token on every API request:
Authorization: Bearer <your-jwt-token>
Treat your token like a password. Never expose it in client-side code, public repositories, or logs.

Example request

curl https://api.nestri.io/account \
  --header "Authorization: Bearer <your-jwt-token>"

Security schemes

The API defines two security schemes:
Authorization (string, required): A JWT issued by the Nestri authentication service. Format: Bearer <token>.
The x-nestri-steam header is only meaningful on /steam/* endpoints. All other routes ignore it.

Authentication errors

If authentication fails, the API returns a 401 response with the following shape:
{
  "type": "authentication",
  "code": "UNAUTHORIZED",
  "message": "You are not authorized to access this resource"
}
Common causes of 401 errors:
  • Missing Authorization header
  • Expired JWT
  • Malformed token (wrong format or signature)
  • Accessing an endpoint that requires authentication without a valid session
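
The causes listed above can be triaged locally before a request is sent. The following Python check is an added example, not part of the Nestri documentation or code base; it assumes the JWT carries the standard exp claim (this page does not say which claims Nestri issues), and the function names and sample tokens are constructed for illustration. It does not verify the signature, which only the API can do, and it prints the classification rather than the token.

```python
import base64
import json
import time


def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a Python object."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def constructed_token(claims):
    """Build a sample token for the demo (constructed, not a real Nestri JWT)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "HS256", "typ": "JWT"}), enc(claims), "c2lnbmF0dXJl"])


def preflight(header_value, now=None):
    """Classify an Authorization header value against the 401 causes listed above.

    Local triage only: the signature is NOT verified here.
    Assumption: the token uses the standard `exp` claim (seconds since epoch).
    """
    now = time.time() if now is None else now
    if not header_value:
        return "missing Authorization header"
    scheme, _, token = header_value.partition(" ")
    if scheme != "Bearer" or not token:
        return "malformed: expected 'Bearer <token>'"
    parts = token.split(".")
    if len(parts) != 3 or not all(parts):
        return "malformed: JWT needs three dot-separated segments"
    try:
        b64url_json(parts[0])           # header must be base64url-encoded JSON
        claims = b64url_json(parts[1])  # payload must be base64url-encoded JSON
    except ValueError:                  # covers base64, JSON and UTF-8 decode errors
        return "malformed: segments are not base64url JSON"
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if isinstance(exp, (int, float)) and exp <= now:
        return "expired"
    return "ok to send"


if __name__ == "__main__":
    for value in (None, "Bearer not-a-jwt", "Bearer " + constructed_token({"exp": 1})):
        print(preflight(value))  # the token itself is never written to output
```

A result of "ok to send" only rules out the client-side causes; a 401 after that points to a signature or session problem on the server side.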

Unauthenticated routes

The Steam popup and callback endpoints (GET /steam/popup/:id and GET /steam/callback/:id) use a short-lived browser cookie (user_id) instead of the Bearer header. These are browser-redirect flows and are not intended for direct API calls. See Steam endpoints for details.
