Authentication

Every request to the NutrientAPI requires a valid API key sent as a Bearer token in the Authorization header. There are no query-parameter or cookie-based authentication methods.

Getting Your API Key

Sign up at nutrientapi.com to receive an API key. Keys are available on all plans, including the free tier. Once you have your key, you can start making requests immediately.

Keep your key secret. Do not embed API keys in client-side JavaScript, mobile app bundles, or public repositories. If a key is compromised, rotate it from your dashboard.

Making Authenticated Requests

Include your API key in the Authorization header using the Bearer scheme:

Authorization: Bearer YOUR_API_KEY

Every request must also set Content-Type: application/json since the API only accepts JSON request bodies.

cURL

curl -X POST https://api.nutrientapi.com/v1/analyze \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "title": "Greek Salad",
    "ingredients": [
      "2 cups chopped romaine lettuce",
      "1/2 cup crumbled feta cheese",
      "1/4 cup kalamata olives"
    ],
    "servings": 1
  }'

Python

import requests
import os

response = requests.post(
    "https://api.nutrientapi.com/v1/analyze",
    headers={
        "Authorization": f"Bearer {os.environ['NUTRIENT_API_KEY']}",
        "Content-Type": "application/json",
    },
    json={
        "title": "Greek Salad",
        "ingredients": [
            "2 cups chopped romaine lettuce",
            "1/2 cup crumbled feta cheese",
            "1/4 cup kalamata olives",
        ],
        "servings": 1,
    },
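    timeout=10,  # do not hang indefinitely on a stalled connection
)

# Fail on 401/403/429 here instead of hitting a KeyError on the error body.
response.raise_for_status()
data = response.json()
print(data["total_nutrients"]["calories"])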

JavaScript (Node.js)

const response = await fetch("https://api.nutrientapi.com/v1/analyze", {
  method: "POST",
  headers: {
    "Authorization": `Bearer ${process.env.NUTRIENT_API_KEY}`,
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    title: "Greek Salad",
    ingredients: [
      "2 cups chopped romaine lettuce",
      "1/2 cup crumbled feta cheese",
      "1/4 cup kalamata olives",
    ],
    servings: 1,
  }),
});

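// Error responses carry {"error": {...}} rather than total_nutrients.
if (!response.ok) {
  throw new Error(`NutrientAPI request failed: HTTP ${response.status}`);
}

const data = await response.json();
console.log(data.total_nutrients.calories);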

Ruby

require "net/http"
require "json"

uri = URI("https://api.nutrientapi.com/v1/analyze")
request = Net::HTTP::Post.new(uri)
request["Authorization"] = "Bearer #{ENV['NUTRIENT_API_KEY']}"
request["Content-Type"] = "application/json"
request.body = {
  title: "Greek Salad",
  ingredients: [
    "2 cups chopped romaine lettuce",
    "1/2 cup crumbled feta cheese",
    "1/4 cup kalamata olives",
  ],
  servings: 1,
}.to_json

response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: true) { |http|
  http.request(request)
}

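# Error responses carry {"error": {...}} rather than total_nutrients.
raise "NutrientAPI request failed: HTTP #{response.code}" unless response.is_a?(Net::HTTPSuccess)

data = JSON.parse(response.body)
puts data["total_nutrients"]["calories"]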

Authentication Errors

If authentication fails, you will receive one of these HTTP responses:

| Status Code | Meaning | What to Do |
|---|---|---|
| 401 Unauthorized | Missing or malformed Authorization header | Check that the header is present and uses the Bearer scheme |
| 403 Forbidden | API key is invalid, expired, or revoked | Verify the key in your dashboard; rotate if necessary |
| 429 Too Many Requests | Rate limit exceeded for your plan | Back off and retry; consider upgrading your plan for higher limits |

All error responses follow a consistent JSON format:

{
  "error": {
    "code": "unauthorized",
    "message": "Invalid or missing API key"
  }
}

Best Practices

  • Use environment variables to store your API key. Never hard-code it.
  • Rotate keys periodically from your dashboard, especially if team members leave.
  • Use a server-side proxy if your frontend needs nutrition data. The proxy makes authenticated requests on behalf of the client, so the key never reaches the browser or app bundle.
  • Cache responses aggressively. All plans allow full caching with no attribution required. The same recipe input will always produce the same result, so there is no reason to re-request identical analyses.
No attribution required. Unlike some competing APIs, NutrientAPI does not require you to display attribution, branding, or backlinks when using the data. Cache freely, display however you want.
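
The error table and the caching advice above can be combined in one server-side helper. This is an added example, not NutrientAPI's own code: the names `analyze`, `http_send`, `AuthError` and `CACHE` are hypothetical, and the 200 success status, the 1s/2s/4s backoff schedule and the in-process dictionary cache are assumptions.

```python
import hashlib, json, os, time
import urllib.error, urllib.request

API_URL = "https://api.nutrientapi.com/v1/analyze"
CACHE = {}  # assumption: in-process cache; use a shared store across workers

class AuthError(Exception):
    """401/403: retrying cannot help; fix the header or rotate the key."""

def http_send(payload):
    """Default transport: returns (status, parsed JSON body)."""
    req = urllib.request.Request(
        API_URL, data=json.dumps(payload).encode(), method="POST",
        headers={"Authorization": f"Bearer {os.environ['NUTRIENT_API_KEY']}",
                 "Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, json.load(err)  # error bodies are JSON too

def analyze(payload, send=http_send, retries=3, sleep=time.sleep):
    # The same input always produces the same result, so key the cache
    # on the canonical (sorted-key) JSON of the request body.
    canonical = json.dumps(payload, sort_keys=True).encode()
    key = hashlib.sha256(canonical).hexdigest()
    if key in CACHE:
        return CACHE[key]
    for attempt in range(retries + 1):
        status, body = send(payload)
        if status == 200:  # assumption: success is reported as 200
            CACHE[key] = body
            return body
        err = body.get("error", {})
        detail = f"{status} {err.get('code')}: {err.get('message')}"
        if status in (401, 403):
            # Report the API's code and message only, never the key itself.
            raise AuthError(detail)
        if status == 429 and attempt < retries:
            sleep(2 ** attempt)  # back off 1s, 2s, 4s before retrying
            continue
        raise RuntimeError(detail)
```

Passing a fake `send` callable lets you exercise the 401, 403 and 429 paths in unit tests without a real key or network access.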