Preview. The Tools API requires a key with the api:call scope, provisioned on request. It is a different scope from the mcp:call keys you create in the app, which authorize the MCP server. Contact the team to request Tools API access.
Every Tools API endpoint except GET /api/tools/openapi.json requires a developer key with the api:call scope, passed as a Bearer token.
Send the key
Pass the key in the Authorization header:
curl https://pro-api.nikiwa.com/api/tools \
-H "Authorization: Bearer nkw_live_YOUR_KEY"
Treat developer keys like passwords. They authenticate as you. Never commit a key to source control, embed it in a browser or client-side app, or share it. If a key leaks, revoke it and request a new one.
Scopes
Nikiwa’s two surfaces use separate scopes, and their rate limits and metering are tracked independently:
| Surface | Required scope | How to get a key |
|---|
| Tools API | api:call | Provisioned on request (preview) |
| MCP server | mcp:call | Create in the app under MCP Keys |
An mcp:call key created in the app does not authorize the Tools API, and vice versa.
A key has two parts: the nkw_live_ prefix that identifies a live Nikiwa developer key, and a random secret shown only once at creation. When a key is listed later, only a non-secret key prefix is shown, never the full key.
Errors
| Status | Meaning |
|---|
401 Unauthorized | Missing, malformed, or revoked key, or a key without the api:call scope |
429 Too Many Requests | Per-key rate limit exceeded |