Skip to main content

Authorization

Follow this guide to create a new Navan API credential that will allow Nexla to authenticate to and exchange data with your Navan account.
navan_api_auth.png

Navan API

Prerequisites

The Navan API uses two-legged OAuth 2.0 (client credentials grant) for service-to-service authentication. This approach does not require user interaction or a browser-based authorization flow — Nexla exchanges your Client ID and Client Secret directly for a short-lived Bearer access token, which is then used to authenticate all API requests.

To create a Navan API credential in Nexla, you will need a Client ID, Client Secret, and the Access Token URL from Navan. These credentials are generated in the Navan Admin portal by a Navan company administrator.

Obtain API Credentials from Navan

Follow the steps below to generate API credentials in your Navan account:

  1. Sign in to the Navan Admin portal at app.navan.com using an account with administrator privileges.

  2. Navigate to Travel > Settings > Integrations in the left-hand navigation menu.

  3. Locate the Navan API Credentials section and click Create New.

  4. In the Description field, enter a descriptive name for this API credential (for example, Nexla Integration). The description helps you identify the credential later if you need to rotate or revoke it.

  5. Optionally, enter one or more Allowed IP Addresses or a Subnet Mask to restrict which IP addresses may use this credential. This is a recommended security practice for production integrations.

  6. Click Create. A pop-up window will display your newly generated credentials, including:

    • Client ID — The unique public identifier for this API credential.
    • Secret Key — The confidential password paired with the Client ID.
Important

Copy your Client ID and Secret Key immediately and store them securely. Once the pop-up is closed, the Secret Key cannot be retrieved again. If you lose the Secret Key, you must delete the credential and create a new one.

  1. Click Copy All to copy all credential details to your clipboard, or copy each value individually. Store these values in a secure location (for example, a password manager or secrets vault) before closing the dialog.

  2. Click Done to close the pop-up.

The Access Token URL for Navan is https://api.navan.com/ta-auth/oauth/token. This is the endpoint Nexla will use to exchange your Client ID and Client Secret for a Bearer access token. The default value is pre-populated in the Nexla credential form.

Additional information about Navan API credential setup is available in the Navan Help Center.

Create a Navan API Credential

  • To create a new Navan API credential, after selecting the data source/destination type, click the Add Credential tile to open the Add New Credential overlay.

Credential Name & Description

  1. Enter a name for the credential in the Credential Name field and a short, meaningful description in the Credential Description field.

    Resource descriptions are recommended but are not required. They should be used to provide information about the resource purpose, data freshness, etc. that can help the owner and other users efficiently understand and utilize the resource.

OAuth 2.0 (2-Legged) Settings

The Navan API connector uses two-legged OAuth 2.0, also called the client credentials grant. In this flow, Nexla uses your Client ID and Client Secret to request an access token directly from Navan's token endpoint, without redirecting a user to a browser. The resulting Bearer token is automatically attached to each API request Nexla makes on your behalf.

  1. Enter the Client ID obtained from the Navan Admin portal in the Client ID field. The Client ID is the unique public identifier assigned to your API credential.

  2. Enter the Client Secret (Secret Key) obtained from the Navan Admin portal in the Client Secret field. The Client Secret is treated as a password and is masked after entry.

    The Client Secret is stored securely and encrypted at rest. Nexla will never display it in plain text after the credential has been saved.

  3. Verify the Access Token URL field. The default value https://api.navan.com/ta-auth/oauth/token is pre-populated and is the correct token endpoint for the Navan production environment. Update this value only if Navan has provided a different token endpoint for your account.

  4. Verify the API Base URL field. The default value https://app.navan.com is pre-populated as the base URL for Navan API endpoints. Update this value only if Navan has provided a different base URL for your account.

Save the Credential

  1. Once all of the relevant steps in the above sections have been completed, click the Save button at the bottom of the overlay to save the configured credential.

  2. The newly added credential will now appear in a tile on the Authenticate screen during data source/destination creation and can be selected for use with a new data source or destination.