API overview
The public REST API exposes the same audit engine that powers the web app. Use it to run audits from your own tools, gate deploys on AI readiness, or feed results into dashboards.
Who can use it
API access is included with every Premium subscription at no extra cost. You create keys from Account settings → API access on the web app.
Base URL
https://app.nyman.media/api/v1Authentication
Every request must include your API key as a bearer token. Keys always start with nmav_live_.
Authorization: Bearer nmav_live_...Keys are tied to a single user. When that user cancels or downgrades, their keys immediately return 402 Payment Required. Resubscribing restores access without needing to re-issue keys. See API keys for rotation and revocation.
Quotas
API calls share your Premium daily audit quota with the web app. They are not billed separately. Every response includes standard rate-limit headers:
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 97
X-RateLimit-Reset: 17832X-RateLimit-Reset is the number of seconds until the daily counter resets at UTC midnight. Once the quota is exhausted, further calls return 429 Too Many Requests.
Error codes
400: invalid request body (e.g. missing or malformed URL).401: missing, unknown, or revoked API key.402: the key's owner is not on a Premium plan.429: daily audit quota exhausted.502: upstream audit engine failure. Safe to retry after a short backoff.
Next steps
- API reference: request and response schemas for each endpoint.
- CLI: drop-in wrapper you can run with
npx. - MCP server: connect Claude Desktop, Cursor, and other MCP clients to the same engine.
- CI/CD recipes: GitHub Actions, GitLab CI, and CircleCI snippets.