Skip to main content
Every request is authenticated with an API key sent in the X-API-Key header:
curl -s https://ndi-api.nace.ai/api/v1/jobs \
  -H "X-API-Key: ndi_sk_..."
Keys start with the prefix ndi_sk_. They are issued by your Nace representative and are scoped to your organization (tenant): every job, uploaded file, and result belongs to the tenant whose key created it, and is invisible to every other tenant.

Handling your key

Treat the key like a password. Anyone holding it can start jobs, read your job history, and download your results.
  • Store it in a secret manager or environment variable — never in source control, client-side code, or logs.
  • Use one key per environment / integration so a leak can be revoked without breaking everything else.
  • If a key is exposed, contact us immediately — revocation takes effect within minutes across all servers.

Failure modes

SituationResponse
Header missing or malformed401 with error.code = "unauthorized"
Key unknown or revoked401 with error.code = "unauthorized"
Key valid but account disabled401 with error.code = "unauthorized"
The response never distinguishes why a key was rejected — that is deliberate. All error responses share one envelope; see Errors & limits.