The nuget client makes an anonymous check to verify the repository before pushing content. If anonymous access is disabled in Nexus 3 then this check will not succeed. On the client you will see credentials being requested although you provided a valid API key in the request.
To workaround this requirement, you can implement limited anonymous access which only grants read access to the root of the NuGet repository without access to the content.
1. Create a content selector with search expression:
format=="nuget" and path=="/"
2. Create a content selector privilege for the above content selector with read access.
3. Create a role and grant the above privilege and no others.
4. Create a user and grant the above role and no others. This will be the new anonymous user. It should not have the nx-anonymous role if you want to keep access restricted. Only the content selector privilege is needed.
5. Configure Anonymous Access to set the anonymous user to the one created above and check the Enabled box.
nuget push will now work.
For additional help creating content selectors please check here: https://help.sonatype.com/repomanager3/system-configuration/access-control/content-selectors
Additional help with configuring anonymous access is available here: https://help.sonatype.com/repomanager3/system-configuration/user-authentication/anonymous-access