Authentication
Bearer token auth with inference keys or scoped management keys.
Inference keys (nf_live_*)
- Used for POST /v1/chat/completions, /v1/embeddings, and playground proxy.
- Scoped per key: model allowlist, daily spend cap, optional expiry.
- Agent-scoped keys (bound to an agent) tag usage with agentId automatically.
- Rotate from Dashboard → API Keys → Rotate — old key revoked immediately.
Management keys (mgk_*)
- Used for dashboard REST APIs: keys, agents, usage export, routing rules.
- Created under Dashboard → Mgmt Keys with explicit scopes (read, write, usage).
- Never send management keys to the inference gateway — they will be rejected.
- Rotate on the same page; update integrations before revoking the old key.