Authentication

Key format

Atlas keys are formatted nm_live_<prefix>_<random>. The prefix is stored as plaintext in our database for fast lookup; the random portion is hashed with SHA-256 and a per-key salt. The full value is shown to you exactly once at creation.

Issuing a key

Open the console at /console/api-keys. Click Create key, name the key after the system or service that will use it, and copy the value immediately. Members at the admin role and higher may create keys.

Sending requests

Send the key as a Bearer token on every request:

bashcurl https://api.newmen.ai/v1/models \
  -H "Authorization: Bearer nm_live_a1b2c3_…"

A missing or invalid token returns 401 unauthorized. Treat 401 as a hard failure — do not retry without re-issuing the key.

Rotation and revocation

Keys can be revoked at any time from the console; revocation is effective within five seconds across all regions. We recommend rotating production keys every ninety days. Rotation is a two-step procedure: issue the new key, deploy it everywhere, then revoke the old key.

For audit purposes, every key records the time and source IP of its last use. Keys with last_used_at more than thirty days in the past are flagged in the console.