Skip to main content
Every request except /health uses a Bearer token: 
Authorization: Bearer oxi_sk_live_...

The key

PropertyValue
Formatoxi_sk_live_ + 64 hex chars (76 chars total)
Storage on our sideHMAC-SHA256 hash. We never store plaintext.
Active keys per account1. Regenerating revokes the old key.
Where to generate0xinsider.com/developers
The key shows once, at generation. After that the dashboard shows only the prefix (oxi_sk_live_XXXX) so you can identify it.

Generate a key

  1. Log in at 0xinsider.com.
  2. Open Developers.
  3. Click Generate Key.
  4. Copy it immediately.

Common mistakes

Wrong:
Authorization: oxi_sk_live_...
Right:
Authorization: Bearer oxi_sk_live_...
Without the Bearer prefix you get 401 invalid_api_key.
The full key is 76 characters. Anything shorter is a partial copy.
A valid key with an expired subscription returns 402 subscription_required. Re-subscribe at pricing; the same key resumes.
Regenerating revokes the old key in the same call. Update every place it lives: .env files, deployed secrets, MCP configs.

If a key leaks

Treat it like any production secret:
  1. Go to Developers.
  2. Click Regenerate Key. The old key dies immediately.
  3. Roll the new key into every consumer: bots, MCP configs, CI secrets, dashboards.

Key management endpoints

These manage your own keys from the dashboard. They use the session cookie (JWT), not an API key, so you can’t call them from a script with oxi_sk_live_....
ActionMethodEndpoint
Create keyPOST/api/keys
List keysGET/api/keys
Revoke keyDELETE/api/keys/{id}
RegeneratePOST/api/keys/regenerate

A subscription-blocked response

{
  "object": "error",
  "error": {
    "code": "subscription_required",
    "message": "Active Insider subscription required.",
    "doc_url": "https://docs.0xinsider.com/authentication"
  }
}