API Keys
Generate, rotate, and revoke API keys for the NERO MPC SDK
API keys authenticate your application with the NERO MPC Auth backend. Every SDK request includes the key in the X-API-Key header.
Generate a Key
- Navigate to your project → API Keys
- Click Create Key
- Enter a name (e.g., "Production backend")
- Copy the generated key immediately
The key format is nero_sk_<random> and is shown only once. If you lose it, generate a new one and revoke the old one.
Keys are stored as HMAC-SHA256 hashes — the plaintext key is never stored on the server.
Key Scopes
All keys are created with default scopes:
| Scope | Allows |
|---|---|
| auth | OAuth flows, email/phone OTP, session management |
| wallet | Wallet generation, listing wallets, key material |
| signing | Message signing, transaction signing, typed data signing |
Using the Key
Pass the API key in your SDK configuration:
```javascript
const sdk = new NeroMpcSDK({
  backendUrl: "https://mpc-auth.nerochain.io",
  apiKey: "nero_sk_your_key_here",
  chainId: 689,
});
```

The SDK automatically includes it in the X-API-Key header on every API request.
Rate Limits
Rate limits are enforced per API key, based on your plan:
| Operation | Free | Growth | Scale |
|---|---|---|---|
| General requests | 100/15 min | Higher | Unlimited |
| Key generation | 30/day | 1,000/day | 10,000/day |
| Signing operations | 100/day | 5,000/day | 50,000/day |
| Key material export | 10/day | 100/day | 1,000/day |
When limits are exceeded, the API returns HTTP 429 with a Retry-After header.
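A client-side way to honour the 429 / Retry-After response described above, as an added example that is not part of the NERO SDK or its documentation. `parseRetryAfterMs` and `withRateLimitRetry` are hypothetical helper names, `doRequest` is assumed to return a fetch-style response, and the 15-minute cap on the wait is an assumption taken from the Free plan's request window.

```javascript
// Added example: these helpers are hypothetical, not NERO SDK APIs.

// Convert a Retry-After value to milliseconds. The header may carry either
// delta-seconds ("120") or an HTTP-date ("Wed, 21 Oct 2015 07:28:30 GMT").
// Returns null when the value is missing or unparseable.
function parseRetryAfterMs(value, nowMs = Date.now(), maxMs = 15 * 60 * 1000) {
  if (value == null) return null;
  const text = String(value).trim();
  let ms;
  if (/^\d+$/.test(text)) {
    ms = Number(text) * 1000; // delta-seconds form
  } else {
    const when = Date.parse(text); // HTTP-date form
    if (Number.isNaN(when)) return null;
    ms = when - nowMs;
  }
  // Clamp: never wait a negative time, never trust an unbounded server value.
  return Math.min(Math.max(ms, 0), maxMs);
}

// Run doRequest() and retry only on HTTP 429, waiting as long as the server
// asked. Falls back to exponential backoff if Retry-After is absent or invalid.
// After maxAttempts the last 429 response is returned to the caller unchanged.
async function withRateLimitRetry(doRequest, opts = {}) {
  const {
    maxAttempts = 3,
    fallbackMs = 1000,
    sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms)),
  } = opts;

  for (let attempt = 1; ; attempt++) {
    const res = await doRequest();
    if (res.status !== 429 || attempt >= maxAttempts) return res;
    const waitMs = parseRetryAfterMs(res.headers.get("Retry-After"));
    await sleep(waitMs ?? fallbackMs * 2 ** (attempt - 1));
  }
}
```

Bounding the attempts matters for the daily quotas (signing, key generation, key material export): a 429 there will not clear within seconds, so the caller should surface the error rather than loop.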
Rotate a Key
Rotation generates a new key and immediately revokes the old one:
- Click the Rotate button on an existing key
- Copy the new key (shown once)
- Update your application configuration
- The old key stops working immediately
Revoke a Key
Revoking a key disables it permanently (soft delete). Revoked keys cannot be reactivated — generate a new one instead.
Plan Limits
| Plan | Keys per Project |
|---|---|
| Free | 2 |
| Growth | 5 |
| Scale | Unlimited |