API Keys
Programmatic access for agents, API platform, and automations
API Keys
Nexus uses two key families depending on which surface you integrate with.
Workspace keys (Nexus web / sandbox)
Used against nexus.hardalion.com (or sandbox) tenant APIs.
Authorization: Bearer hnx_live_xxxxxxxxCreated in the dashboard or at sandbox workspace creation. Tenant-bound and revocable.
Platform keys (api.hardalion.com)
Used against the public AIaaS API at api.hardalion.com/v1.
Authorization: Bearer hdl_live_xxxxxxxx
Authorization: Bearer hdl_test_xxxxxxxxCreated in the Developer portal. Scoped (compliance:read, agents:execute, etc.) with rate limits and metering.
Best practices
- Separate keys per environment (test vs live) and per service.
- Rotate on schedule and immediately on incident.
- Never commit keys to git or client-side bundles.
- Prefer
hdl_test_keys until production sign-off.
Example: list agents (web tenant API)
curl -H "Authorization: Bearer $NEXUS_WORKSPACE_KEY" \
https://nexus.hardalion.com/api/v1/agentsExample: public API (platform)
curl -X POST https://api.hardalion.com/v1/agents/execute \
-H "Authorization: Bearer $HARDALION_API_KEY" \
-H "Content-Type: application/json" \
-d '{"agentId":"...","userPrompt":"Run safe compliance check"}'See Agents API and the live OpenAPI on the developer portal.