API Keys

Programmatic access for agents, API platform, and automations

API Keys

Nexus uses two key families depending on which surface you integrate with.

Workspace keys (Nexus web / sandbox)

Used against nexus.hardalion.com (or sandbox) tenant APIs.

Authorization: Bearer hnx_live_xxxxxxxx

Created in the dashboard or at sandbox workspace creation. Tenant-bound and revocable.

Platform keys (api.hardalion.com)

Used against the public AIaaS API at api.hardalion.com/v1.

Authorization: Bearer hdl_live_xxxxxxxx
Authorization: Bearer hdl_test_xxxxxxxx

Created in the Developer portal. Scoped (compliance:read, agents:execute, etc.) with rate limits and metering.

Best practices

  • Separate keys per environment (test vs live) and per service.
  • Rotate on schedule and immediately on incident.
  • Never commit keys to git or client-side bundles.
  • Prefer hdl_test_ keys until production sign-off.

Example: list agents (web tenant API)

curl -H "Authorization: Bearer $NEXUS_WORKSPACE_KEY" \
  https://nexus.hardalion.com/api/v1/agents

Example: public API (platform)

curl -X POST https://api.hardalion.com/v1/agents/execute \
  -H "Authorization: Bearer $HARDALION_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"agentId":"...","userPrompt":"Run safe compliance check"}'

See Agents API and the live OpenAPI on the developer portal.