Developer API Keys

The Nexartis NANDA Node uses API keys to authenticate write operations. Read operations (search, lookup, list, health) are always open — no key required.

How It Works

  • Read endpoints are openGET /list, GET /search, GET /lookup/:id, GET /agentfacts/:id, GET /health, GET /stats, GET /reputation
  • Write endpoints accept API keysPOST /register, PUT /agentfacts/:id, DELETE /agents/:id
  • Keys use the nanda_ prefix and are passed via the Authorization header
  • Keys are hashed with SHA-256 before storage — the raw key is shown only once at generation time

Getting a Key

  1. Sign in to your Nexartis account (or create one for free)
  2. Go to the Developer Dashboard
  3. Click Generate, give your key a name, and copy the raw key immediately

You can also generate keys via the API:

curl -X POST https://nanda.nexartis.com/api/developers/keys \
  -H "Cookie: access_token=YOUR_SESSION" \
  -H "Content-Type: application/json" \
  -d '{"name": "my-agent-key"}'

Using Your Key

Include your key in the Authorization header with the Bearer scheme:

curl -X POST https://nanda.nexartis.com/register \
  -H "Authorization: Bearer nanda_YOUR_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{"agent_id": "my-agent", "agent_url": "https://my-agent.example.com"}'

Rate Limits

Rate limits are applied monthly per key. Usage counters reset on the 1st of each month.

TierRequests/MonthMax Active KeysPrice
Free1,0005$0
Pro10,00025Contact us
Enterprise100,000UnlimitedCustom

Key Management API

Generate a key

POST /api/developers/keys
Content-Type: application/json

{"name": "my-key", "tier": "free"}

→ 201 {"key": {"id": "...", "raw_key": "nanda_...", ...}}

List your keys

GET /api/developers/keys

→ 200 {"keys": [...]}

Revoke a key

DELETE /api/developers/keys/:id

→ 200 {"message": "API key revoked successfully", ...}

Security Notes

  • Keys are SHA-256 hashed before storage — we never store the raw key
  • The raw key is returned exactly once at generation time
  • Revoked keys cannot be un-revoked — generate a new one instead
  • Keys that exceed their monthly rate limit will receive 429 Too Many Requests
  • Expired keys are automatically rejected

Transition Period

During the initial rollout, API keys are accepted but not required for write endpoints. This allows existing integrations (like KnowYourModel) to continue working without interruption. Once all known consumers have adopted keys, write endpoints will require authentication.

Get Your API Key Full API Reference
Related reading Developer API Keys — a deep dive into key management, rate limits, and scopes · NestJS Quickstart — integrating NANDA into a NestJS application

Coming Soon

By Invitation Only