Authentication
Vanguard AI has three credential types. Programmatic calls should always use an API key.
| Credential | Header | Used by |
|---|---|---|
| API key | Authorization: Bearer nt_live_... | Server‑to‑server CV/AI calls |
| JWT (session) | Authorization: Bearer <jwt> | Dashboard / self‑serve actions |
| Admin key | X-Admin-Key: <key> | Back office only (not covered here) |
- A JWT identifies a user within an organization — use it for dashboard actions such as minting keys or reading your balance.
- An API key identifies an organization and is what you ship in your servers to call the OCR, STT, TTS and Chat endpoints.
Sending your key
curl https://api-ocr.vanguardinitiative.com/v1/services \
-H "authorization: Bearer nt_live_your_key_here"Key format
API keys look like nt_live_ followed by 43 characters. They are stored only as a
SHA‑256 hash; the plaintext is returned once when the key is created.
Scopes
Each key carries scopes that gate which services it can call: ocr, stt, tts, chat. A call to a service outside the key’s scopes returns 403 SCOPE_FORBIDDEN.
Grant only the scopes each key needs.
Rate limits & credits
Every call is also checked against your plan’s per‑minute rate limit and your credit balance. See Errors & conventions for the 429 and 402 responses and the headers to watch.