LIVE · AUDIT-CHAINED · EU-RESIDENT
SYSTEM · 99.99% UPTIME
v 1.0 ↗ MADE IN EU
Documentation

Quickstart

Create a NexBasira session, mint a field-user invite, and verify a webhook in under 5 minutes.

Quickstart

From "no account" to "session created + first webhook received" in about five minutes. We'll use the Node SDK; Python's almost identical.

1. Get API credentials

  1. Sign up at app.nexbasira.com — the bootstrap flow creates your organisation + admin user in one step.
  2. Go to Admin → API credentials and click Issue credential.
  3. Copy the nb_pub_* + nb_sec_* pair. The secret is shown exactly once — store it in your secrets manager immediately.

2. Install the SDK

npm install @nexbasira/node

Or for Python: pip install nexbasira.

3. Create a session

import { NexBasira } from "@nexbasira/node";

const nb = new NexBasira({
  apiKey: process.env.NB_PUBLIC_KEY!,
  apiSecret: process.env.NB_SECRET_KEY!,
});

const session = await nb.sessions.create({
  notes: "Vehicle damage — claim CL-2026-0042",
  scheduled_for: "2026-05-23T10:00:00Z",
});

console.log("Session id:", session.id);
// → "0c8f4d2e-..."

4. Mint a field-user invite

const invite = await nb.sessions.invite(session.id, {
  recipient_email: "alex@policyholder.com",
  send_email: true,
});

console.log("Field URL (shown ONCE):", invite.url);
// → "https://app.nexbasira.com/join/0c8f.../?t=tok_..."

Send the URL to your field user — they open it on a phone (mobile Safari or Chrome), grant camera + GPS permissions, and the operator sees them on the SPA dashboard in under 30 seconds.

5. Wire up the webhook

Webhooks fire on session.created, session.completed, evidence.added, recording.ready, audit.anchored, signature.completed, and a few more. Register a delivery URL from Admin → Webhooks and verify the signature on every POST: 

// Express handler
app.post("/nb-webhook", express.raw({ type: "application/json" }), (req, res) => {
  const sig = req.header("NB-Signature")!;
  const secret = process.env.NB_WEBHOOK_SECRET!;

  try {
    const event = nb.webhooks.constructEvent(req.body, sig, secret);
    // event is now type-narrowed by event.type
    switch (event.type) {
      case "session.completed":
        await onSessionCompleted(event.data);
        break;
      case "audit.anchored":
        await onAuditAnchored(event.data);
        break;
    }
    res.status(204).end();
  } catch (err) {
    if (err instanceof InvalidSignatureError) {
      return res.status(401).send("bad signature");
    }
    throw err;
  }
});

6. (Optional) Embed the field-side widget

If you'd rather host the field-user experience inside your own customer-facing app instead of using our hosted URL, use the embed widget: 

import { embed } from "@nexbasira/embed";

const widget = embed({
  container: "#nb-host",
  sessionUrl: invite.url,
  onSessionComplete: (id) => router.push(`/inspections/${id}`),
});

// Imperative methods on the returned handle:
widget.requestSnapshot();
widget.openWhiteboard();
widget.endSession();

React app? Use @nexbasira/react's <NexBasiraSession> component instead — same surface, idiomatic React.

What you have now

  • Sessions created via API
  • Field users joining via signed invite URLs (no app install)
  • Webhooks verified + dispatched in your backend
  • (Optional) embedded field-side experience inside your product

What's next