Skip to content
noxstock
Reference

Authentication

How API keys work in noxstock.

noxstock uses API keys sent with the X-API-Key header.

curl "https://api.noxstock.com/v2/snapshot?symbol=AAPL" \
  -H "X-API-Key: $NOXSTOCK_API_KEY"

Key format

Keys start with nxs_. The full key is shown once when created. Store it in your server-side secret manager.

Create and revoke keys

Use the dashboard:

https://noxstock.com/dashboard/keys

Revoked keys should fail immediately. Internally, dashboard revokes write a short-lived revocation marker in Redis in addition to deleting the Unkey key, closing cache/edge propagation windows.

Server-side only

Do not expose noxstock keys in:

  • browser JavaScript
  • mobile app binaries without a backend broker
  • public GitHub repositories
  • screenshots or support chats
  • client-side logs

Error behavior

Missing, invalid, expired, or revoked keys return:

{
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Missing or invalid X-API-Key header.",
    "retryable": false
  }
}

Agent skill template

A compact skill file agents can install or copy.

Plans and limits

Endpoint access, minute rate limits, and quotas.

On this page

Key formatCreate and revoke keysServer-side onlyError behavior