Vanguard AI

Authentication

Vanguard AI has three credential types. Programmatic calls should always use an API key.

CredentialHeaderUsed by
API keyAuthorization: Bearer nt_live_...Server‑to‑server CV/AI calls
JWT (session)Authorization: Bearer <jwt>Dashboard / self‑serve actions
Admin keyX-Admin-Key: <key>Back office only (not covered here)
  • A JWT identifies a user within an organization — use it for dashboard actions such as minting keys or reading your balance.
  • An API key identifies an organization and is what you ship in your servers to call the OCR, STT, TTS and Chat endpoints.

Sending your key

Key format

API keys look like nt_live_ followed by 43 characters. They are stored only as a SHA‑256 hash; the plaintext is returned once when the key is created.

Scopes

Each key carries scopes that gate which services it can call: ocr, stt, tts, chat. A call to a service outside the key’s scopes returns 403 SCOPE_FORBIDDEN. Grant only the scopes each key needs.

Rate limits & credits

Every call is also checked against your plan’s per‑minute rate limit and your credit balance. See Errors & conventions for the 429 and 402 responses and the headers to watch.