Authentication

Two key types, two purposes: inference keys call the gateway, management keys manage your workspace.

Relixr uses Bearer token authentication with two distinct key types. Using the wrong one in the wrong place is the most common integration mistake — the table below is the one to bookmark.

Inference keys (nf_live_*)Management keys (mgk_*)
Used for/v1/chat/completions, /v1/embeddings, playgroundDashboard REST APIs: keys, agents, usage export, routing rules
ScopeModel allowlist, daily spend cap, optional expiryExplicit scopes: read, write, usage
Created inDashboard → API KeysDashboard → Mgmt Keys
RotationRotate on the key detail page — old key revoked immediatelySame page; update integrations before revoking the old key
Warning:

Never send a management key to the inference gateway — it will be rejected. Management keys manage your workspace; inference keys call the gateway. Keep them in separate secrets stores if you can.

Authorization: Bearer nf_live_your_inference_key

An agent-scoped inference key — one bound to an agent — automatically tags all its usage with that agent's ID. No extra headers required.

Next steps
Create your first API key
Provision an inference key.
Errors
What a bad or expired key returns.
EmbeddingsErrors