Skip to main content
This is not vaporware documentation. The API and MCP server run in production today, serving the chat analyst every answer it gives. Public access opens in beta after launch: key minting and credit packs open with the beta. This page documents the live contract. Launch status tracks what is on today.
You authenticate every paid call with a personal key in the Authorization header. That is the entire auth model: no OAuth, no session tokens, no signature schemes.
A personal key starts with nx_. Pass it as a bearer token. A key never belongs in a query string.

Key lifecycle

You mint a personal key in the console at /dashboard once the API beta opens. The full key is shown once, at creation. Noxint stores only a SHA-256 hash, so it cannot show you the key again or recover a lost one. If a key is exposed, revoke it in the console and mint a new one. Revocation takes effect immediately, not on the next cache flush. You can hold up to 5 active keys per account. Minting a sixth is rejected until you revoke one. Give each tool or agent its own key, so revoking one never disrupts the others.

Which operations need a key

The keyless operations teach the contract, so an agent with nothing can still learn everything. The free keyed operations resolve IDs, list coverage, and report your credits and rate limit. Only delivered market data costs data credits. See Data credits for how charges are counted.

Rate limits

Each personal key gets 60 rate units per minute. Most calls spend one unit. Batch and rank requests spend units equal to their maximum reserved work: a read with 10 IDs spends 10 units, a rank with limit=50 spends 50. Rate units are a separate meter from data credits, and a rejected call still spends a rate unit. Check usage for your current remaining units and reset time.
Personal keys are for your own tooling. Reselling, redistributing, multi-tenant serving, and serving third parties from your key are prohibited.
Every authenticated response is Cache-Control: no-store.