Skip to main content
Preview. The Tools API requires a key with the api:call scope, provisioned on request. It is a different scope from the mcp:call keys you create in the app, which authorize the MCP server. Contact the team to request Tools API access.
Every Tools API endpoint except GET /api/tools/openapi.json requires a developer key with the api:call scope, passed as a Bearer token.

Send the key

Pass the key in the Authorization header:
curl https://pro-api.nikiwa.com/api/tools \
  -H "Authorization: Bearer nkw_live_YOUR_KEY"
Treat developer keys like passwords. They authenticate as you. Never commit a key to source control, embed it in a browser or client-side app, or share it. If a key leaks, revoke it and request a new one.

Scopes

Nikiwa’s two surfaces use separate scopes, and their rate limits and metering are tracked independently:
SurfaceRequired scopeHow to get a key
Tools APIapi:callProvisioned on request (preview)
MCP servermcp:callCreate in the app under MCP Keys
An mcp:call key created in the app does not authorize the Tools API, and vice versa.

Key format

A key has two parts: the nkw_live_ prefix that identifies a live Nikiwa developer key, and a random secret shown only once at creation. When a key is listed later, only a non-secret key prefix is shown, never the full key.

Errors

StatusMeaning
401 UnauthorizedMissing, malformed, or revoked key, or a key without the api:call scope
429 Too Many RequestsPer-key rate limit exceeded