This is not vaporware documentation. The API and MCP server run in production
today, serving the chat analyst every answer it gives. Public access opens in
beta after launch: key minting and credit packs open with the beta. This page
documents the live contract. Launch status tracks what is on
today.
Authorization
header. That is the entire auth model: no OAuth, no session tokens, no
signature schemes.
nx_. Pass it as a bearer token. A key never
belongs in a query string.
Key lifecycle
You mint a personal key in the console at /dashboard once the API beta opens. The full key is shown once, at creation. Noxint stores only a SHA-256 hash, so it cannot show you the key again or recover a lost one. If a key is exposed, revoke it in the console and mint a new one. Revocation takes effect immediately, not on the next cache flush. You can hold up to 5 active keys per account. Minting a sixth is rejected until you revoke one. Give each tool or agent its own key, so revoking one never disrupts the others.Which operations need a key
The keyless operations teach the contract, so an agent with nothing can still
learn everything. The free keyed operations resolve IDs, list coverage, and
report your credits and rate limit. Only delivered market data costs data
credits. See Data credits for how charges are counted.
Rate limits
Each personal key gets 60 rate units per minute. Most calls spend one unit. Batch and rank requests spend units equal to their maximum reserved work: aread with 10 IDs spends 10 units, a rank with limit=50 spends 50. Rate
units are a separate meter from data credits, and a rejected call still spends
a rate unit. Check usage for your current remaining units and reset time.
Personal keys are for your own tooling. Reselling, redistributing,
multi-tenant serving, and serving third parties from your key are prohibited.
Cache-Control: no-store.