Authentication
Every API request requires a Bearer token. API keys are HMAC-signed and prefixed with nram_.
Using your API key
- Python
- TypeScript
- curl
from novyx import Novyx
# Pass directly
nx = Novyx(api_key="nram_your_key")
# Or use environment variable (recommended)
# export NOVYX_API_KEY=nram_your_key
nx = Novyx() # reads from NOVYX_API_KEY
import { Novyx } from "novyx";
// Pass directly
const nx = new Novyx({ apiKey: "nram_your_key" });
// Or use environment variable
// NOVYX_API_KEY=nram_your_key
const nx2 = new Novyx(); // reads from NOVYX_API_KEY
curl https://novyx-ram-api.fly.dev/v1/memories \
-H "Authorization: Bearer nram_your_key"
Key management
Create a new key
- Python
- curl
key = nx.create_api_key(name="production-agent")
print(key["api_key"]) # nram_... — save this, it's shown only once
curl -X POST https://novyx-ram-api.fly.dev/v1/api-keys \
-H "Authorization: Bearer nram_your_key" \
-H "Content-Type: application/json" \
-d '{"name": "production-agent"}'
Rotate a key
new_key = nx.rotate_api_key(key_id="key-uuid")
# Old key is immediately invalidated
List keys
keys = nx.list_api_keys()
for k in keys:
print(f"{k['name']} — created {k['created_at']}")
Security model
| Feature | Detail |
|---|---|
| Key format | nram_ prefix + HMAC-signed payload |
| Storage | Keys are hashed server-side — we never store plaintext |
| Rotation | Instant invalidation of old key |
| Audit | Every key usage is logged in the audit trail |
| Rate limiting | Per-key, per-plan (1,000–10,000 req/min) |
Base URL
All API requests go to:
https://novyx-ram-api.fly.dev
MCP local mode
The MCP server can run without an API key using local SQLite storage. See MCP Local Mode.