Reinx has two kinds of credentials, for two kinds of callers:
| Credential | Who uses it | Where |
|---|
Agent API key (sk_reinx_live_…) | AI agents | The MCP server and agent payment endpoints |
| Organization session / org API key | Humans and org automations | Management endpoints (agents, approvals, transactions, …) |
Agent API keys
Keys are minted per agent, use the sk_reinx_live_ prefix, and are sent as a Bearer token:
curl -H "Authorization: Bearer sk_reinx_live_your_key_here" \
https://mcp.reinx.ai/mcp
- Shown once at creation — only a hash is stored. If lost, revoke and mint a new one.
- One active key per agent. Revocation propagates in seconds.
- Keys can be scoped to a subset of MCP tools at creation.
- An invalid or revoked key returns
401. Archiving an agent revokes its key, so an archived agent’s requests also return 401. A paused agent keeps its key and returns 403 AGENT_PAUSED.
The agent’s key is an access badge, not a wallet: agents never hold card numbers or wallet signing
keys. Store the key in your agent’s runtime configuration, never in its prompt or memory.
Organization access
Management endpoints authenticate with your dashboard session (JWT). For programmatic access, scoped organization API keys (created in Settings → API Keys) can call read endpoints such as GET /v1/transactions.
Base URL
All endpoints are versioned under /v1/. Breaking changes will be introduced under /v2/ without disrupting existing integrations.
Rate limits
| Plan | Requests/min |
|---|
| Free | 100 |
| Pro | 1,000 |
| Enterprise | 5,000 (custom available) |
Every response carries x-ratelimit-limit, x-ratelimit-remaining, and x-ratelimit-reset. Exceeding a limit returns 429 with the code RATE_LIMITED, a retry_after_seconds field, and a retry-after header. Some sensitive routes carry additional per-route caps.
Errors
Errors use a flat envelope:
{ "error": "RATE_LIMITED", "message": "…", "retry_after_seconds": 12 }
error is a stable machine-readable code; message is human-readable and may change.