> ## Documentation Index
> Fetch the complete documentation index at: https://docs.nexalayer.net/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> NexaLayer recommends direct X-API-Key authentication for agents and scripts.

# Authentication

NexaLayer supports API key authentication. Agents, scripts, and automation jobs should send `X-API-Key` on each request.

```bash theme={null}
curl "https://api.nexalayer.net/v1/account/info" \
  -H "X-API-Key: ak_your_key"
```

## Request an API key by email

```bash theme={null}
curl -X POST "https://api.nexalayer.net/v1/account/request-api-key" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "dev@example.com",
    "referral_code": "optional"
  }'
```

The response does not include the API key. NexaLayer sends it to the mailbox:

```json theme={null}
{
  "success": true,
  "data": {
    "status": "email_sent",
    "claim_status": "granted",
    "trial_balance": 1,
    "backend_ready": true,
    "message": "If the email address is valid, the API key has been sent."
  }
}
```

Trial credit can be claimed once per email address. Later requests resend the existing API key.

## backend\_ready

`backend_ready` is the real provisioning gate:

* `true`: the account is synced and can list products, read balance, and create sessions
* `false`: do not create sessions; surface or retry the backend sync problem

## Idempotency

For write operations such as session creation, rotation, renewal, and recharge, send an `Idempotency-Key`:

```text theme={null}
Idempotency-Key: create-session-20260710-001
```

This lets agents retry safely without duplicating paid operations.
