Authentication
All authenticated API requests use Bearer tokens. Public entity endpoints (embed scripts, JSON-LD, llms.txt) are open and require no authentication.
API Key Format
Nordax API keys use the prefix nak_ followed by 48 hex characters. Keys are securely hashed before storage — we never store your raw key.
nak_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6Using Your Key
Include your key in the Authorization header:
Authorization: Bearer nak_your_api_key_herecurl -H "Authorization: Bearer nak_your_key" \
https://api.nordax.ai/v1/entities/your-slugconst res = await fetch("https://api.nordax.ai/v1/entities/your-slug", {
headers: { Authorization: "Bearer nak_your_key" },
});
const data = await res.json();import requests
res = requests.get(
"https://api.nordax.ai/v1/entities/your-slug",
headers={"Authorization": "Bearer nak_your_key"},
)
data = res.json()Generating API Keys
API keys require the Authority tier or higher.
- 1Go to Dashboard → Settings → API Keys
- 2Click Generate New Key and give it a name
- 3Copy the key immediately — it won't be shown again
Rate Limits
| Tier | Rate Limit |
|---|---|
| Authority | 100 req/min |
| Gold | 100 req/min |
| Enterprise | Custom — contact us |
Public vs. Authenticated Endpoints
Public (No Auth Required)
Entity embed scripts, JSON-LD, llms.txt, entity.json, open-entity.json, public entity profiles, badges, and the MCP server. These are designed to be accessed by browsers, AI crawlers, and external systems without credentials.
Authenticated (API Key Required)
Entity management (create, update, delete), score signals, webhook subscriptions, organization endpoints, and any write operations. These require a valid API key in the Authorization header.
Error Responses
| Status | Meaning |
|---|---|
| 401 | Missing or invalid API key |
| 403 | Key valid but insufficient tier for this endpoint |
| 429 | Rate limit exceeded — wait and retry |