Skip to main content
Every /v1/ltl/* and /v1/abc/* endpoint requires an X-API-Key header. Keys are issued through RapidAPI in the MVP phase — the same key works whether you call RapidAPI’s gateway or api.nexusfeed.dev directly.

Header format

X-API-Key: <your-api-key>
Keys are 32+ URL-safe characters, prefixed with a live_ or test_ tag depending on environment. Plaintext keys are shown exactly once, at creation time. NexusFeed stores only the SHA-256 hash — if you lose the key, you must rotate it.
Never commit keys to git. For local development, keep them in a .env file. For production, inject via the environment variable convention your platform uses (MCP_API_KEY, NEXUSFEED_API_KEY, X_API_KEY — pick one).

Product scoping

A single key may be scoped to LTL only, ABC only, or both. If your key only has LTL access and you call /v1/abc/search, you’ll get: 
{
  "detail": {
    "error": "PRODUCT_NOT_ENABLED",
    "message": "This API key does not have access to the abc product"
  }
}
Status code: 403. Fix: subscribe to the other product’s RapidAPI listing.

Rate limit

The default limit is 60 requests per minute per tenant, enforced with a Redis fixed-window counter. Exceeding it returns 429 Too Many Requests: 
{
  "detail": {
    "error": "RATE_LIMITED",
    "message": "Rate limit exceeded: 60 requests per minute"
  }
}
If you need a higher limit for production traffic, ask — limits are per-tenant and adjustable without touching code.
The rate limiter fails open. If Redis is unreachable, requests pass through unthrottled rather than blocking availability. This is a deliberate trade-off to keep the API up during infrastructure incidents.

Error contract

All errors return a JSON body with an error code and a human-readable message.
StatusError codeMeaning
401UNAUTHORIZEDMissing, malformed, or inactive API key
403PRODUCT_NOT_ENABLEDKey does not have access to the requested product (LTL vs ABC)
404NOT_FOUNDCarrier code, state code, or license number not supported
422MISSING_PARAMSAt least one of dba_name, owner_name, or address is required on /v1/abc/search
429RATE_LIMITEDRate limit exceeded
503SOURCE_UNAVAILABLEUpstream source returned an error or extraction failed
503CAPTCHA_SOLVER_NOT_CONFIGUREDTX TABC requires server-side 2Captcha configuration

Security notes

  • Every response includes a request_id in the X-Request-ID response header. Quote it in support requests.
  • Usage is logged server-side for 13 months to a Redis sorted set keyed by tenant ID. This enables monthly billing reconciliation and abuse investigation — we do not log request contents, only method, path, and status.
  • The plaintext API key is never retrievable after creation. If you lose it, rotate it via the /v1/admin/keys endpoint (private admin API) or through RapidAPI’s dashboard.