> ## Documentation Index
> Fetch the complete documentation index at: https://docs.reinx.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How to authenticate with the Reinx API

Reinx has two kinds of credentials, for two kinds of callers:

| Credential                             | Who uses it                | Where                                                             |
| -------------------------------------- | -------------------------- | ----------------------------------------------------------------- |
| **Agent API key** (`sk_reinx_live_…`)  | AI agents                  | The [MCP server](/mcp-tools/overview) and agent payment endpoints |
| **Organization session / org API key** | Humans and org automations | Management endpoints (agents, approvals, transactions, …)         |

## Agent API keys

Keys are minted per agent, use the `sk_reinx_live_` prefix, and are sent as a Bearer token:

```bash theme={null}
curl -H "Authorization: Bearer sk_reinx_live_your_key_here" \
  https://mcp.reinx.ai/mcp
```

* Shown **once** at creation — only a hash is stored. If lost, revoke and mint a new one.
* One active key per agent. Revocation propagates in seconds.
* Keys can be scoped to a subset of MCP tools at creation.
* An invalid or revoked key returns `401`. Archiving an agent revokes its key, so an archived agent's requests also return `401`. A **paused** agent keeps its key and returns `403 AGENT_PAUSED`.

<Warning>
  The agent's key is an access badge, not a wallet: agents never hold card numbers or wallet signing
  keys. Store the key in your agent's runtime configuration, never in its prompt or memory.
</Warning>

## Organization access

Management endpoints authenticate with your dashboard session (JWT). For programmatic access, scoped **organization API keys** (created in Settings → API Keys) can call read endpoints such as `GET /v1/transactions`.

## Base URL

```
https://api.reinx.ai/v1/
```

All endpoints are versioned under `/v1/`. Breaking changes will be introduced under `/v2/` without disrupting existing integrations.

## Rate limits

| Plan       | Requests/min             |
| ---------- | ------------------------ |
| Free       | 100                      |
| Pro        | 1,000                    |
| Enterprise | 5,000 (custom available) |

Every response carries `x-ratelimit-limit`, `x-ratelimit-remaining`, and `x-ratelimit-reset`. Exceeding a limit returns `429` with the code `RATE_LIMITED`, a `retry_after_seconds` field, and a `retry-after` header. Some sensitive routes carry additional per-route caps.

## Errors

Errors use a flat envelope:

```json theme={null}
{ "error": "RATE_LIMITED", "message": "…", "retry_after_seconds": 12 }
```

`error` is a stable machine-readable code; `message` is human-readable and may change.
