We are now part of the NVIDIA Inception Program.Read the announcement
Documentation

Authentication

Secure your access to the MX4 Atlas API.

Last updated on February 2, 2026

The MX4 Atlas API uses API keys for authentication. You must include your API key in the `Authorization` HTTP header of every request.

Authorization Header

Include the API key in the standard Bearer token format:

bash
1Authorization: Bearer mx4-sk-YOUR_API_KEY

Handling API Keys

Security Warning

Your API key can perform any action on your account. Never share it, and never include it in client-side code (browsers, mobile apps).

We recommend loading your API key from environment variables.

best_practice.pypython
1import os
2import openai
3

4# Good: Load from environment
5client = openai.OpenAI(
6    api_key=os.environ.get("MX4_API_KEY"),
7    base_url="https://api.mx4.ai/v1"
8)

Authentication Errors

Status CodeError TypeDescription
401UnauthorizedYour API key is missing or invalid.
403ForbiddenYou don't have permission to access this resource or model.

Mutual TLS (mTLS)

For private cloud and air-gapped deployments, we support mutual TLS (mTLS) to ensure both client and server authenticate each other. This is required for TOP SECRET classified environments.

mtls_client.pypython
1import openai
2import os
3

4client = openai.OpenAI(
5    base_url="https://api.mx4.private/v1",
6    api_key=os.environ.get("MX4_API_KEY"),
7    # mTLS certificate paths
8    http_client=httpx.Client(
9        cert=("path/to/client.crt", "path/to/client.key"),
10        verify="path/to/ca.crt"
11    )
12)
13

14response = client.chat.completions.create(
15    model="mx4-atlas-core",
16    messages=[{"role": "user", "content": "Hello"}]
17)

Best Practices

Rotate Keys Regularly

Rotate your API keys every 90 days. Keep old keys for 30 days to allow for gradual rollover.

Use Environment Variables

Never hardcode API keys in your source code. Use environment variables or a secrets manager like Vault.

Audit Key Usage

Monitor API key usage and disable unused keys immediately. Review access logs regularly.

Troubleshooting

❌ "Invalid API Key" Error

Check that your key starts with mx4-sk-, contains no whitespace, and is passed in the Authorization header as Bearer {key}.

❌ "Forbidden" With Valid Key

Your account may not have access to the model you're requesting. Check the Model Garden to see which models are available in your region/plan.

❌ Certificate Errors (mTLS)

Verify that your client certificate is signed by the CA and has not expired. Run openssl x509 -in cert.crt -text -noout to inspect.