Authentication
Two key types, two purposes: inference keys call the gateway, management keys manage your workspace.
Relixr uses Bearer token authentication with two distinct key types. Using the wrong one in the wrong place is the most common integration mistake — the table below is the one to bookmark.
Inference keys (nf_live_*) | Management keys (mgk_*) | |
|---|---|---|
| Used for | /v1/chat/completions, /v1/embeddings, playground | Dashboard REST APIs: keys, agents, usage export, routing rules |
| Scope | Model allowlist, daily spend cap, optional expiry | Explicit scopes: read, write, usage |
| Created in | Dashboard → API Keys | Dashboard → Mgmt Keys |
| Rotation | Rotate on the key detail page — old key revoked immediately | Same page; update integrations before revoking the old key |
Warning:
Never send a management key to the inference gateway — it will be rejected. Management keys manage your workspace; inference keys call the gateway. Keep them in separate secrets stores if you can.
An agent-scoped inference key — one bound to an agent — automatically tags all its usage with that agent's ID. No extra headers required.
Next steps