Surface: https://api.aegis-kyt.com/v2/* · Header: Authorization: Bearer aeg_<48 chars> · Channel: B2B partner / business account
The V2 surface uses a classic bearer-token scheme — one key per user account, scoped to your monthly quota. It is the right channel when you have an account relationship with Aegis and want predictable monthly bills instead of per-call USDC settlement. If you don’t have an account yet, use the x402 protocol instead — no account, no key, pay per call on Base.

Generate a key

  1. Sign in at app.aegis-kyt.com.
  2. Open Account → API.
  3. Click Generate key. The full 48-character aeg_… value is shown once — copy and store it in your secret manager.
aeg_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Server-side we only persist the SHA-256 hash + a four-character prefix (for display). If you lose the value, rotate (issue new + revoke old) — there is no recovery flow.

Use the key

Send Authorization: Bearer aeg_<key> on every paid call:
curl -X POST https://api.aegis-kyt.com/v2/screen \
  -H "Authorization: Bearer aeg_YOUR_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "address": "TScSLnUodZVsgoGchZspDoimDjDB9bwqVv",
    "network": "TRON"
  }'
Outcome                       HTTP
Header missing                401 missing_api_key
Unknown / revoked key         401 invalid_api_key
Valid key, quota exhausted    402 quota_exceeded
Valid key, quota OK           200
The endpoints listed under V2 Public API in the sidebar all use this same header.

Inspect quota + history

curl -H "Authorization: Bearer aeg_YOUR_KEY_HERE" \
  "https://api.aegis-kyt.com/v2/me/usage"
Returns a billing snapshot and paginated call history; see GET /v2/me/usage. The same data is shown in your account dashboard at app.aegis-kyt.com/account?tab=api.

Rotate / revoke

In Account → API:
  • Generate a new key — issues a second active key; both work until you revoke the old one. This is the safe rotation path: deploy the new key, watch traffic, revoke the old key only after zero requests for ≥ 1h.
  • Revoke — invalidates immediately. In-flight requests in the same second may still succeed; everything after responds 401 invalid_api_key.
There is no time-bounded expiry. Keys live until you revoke them.

Security posture

  • The plaintext is shown once. Re-display is impossible.
  • The server stores only sha256(key) + the four-character prefix.
  • Logs never capture the full key — aeg_xxxx… is the most you’ll see in error traces.
  • A leaked key gives the attacker only the leaking user’s quota. No cross-tenant access, no other resources are reachable through the V2 surface.
If you suspect a leak, revoke immediately from the account dashboard and re-issue. No support ticket required.
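
A minimal model of the storage and lookup behaviour described above, added here as an illustration and not Aegis's own code: only sha256(key) and a four-character prefix are kept, and two keys on one account share that account's quota during rotation. It assumes the 48 characters after aeg_ are hex and that a header without the Bearer scheme is treated as an invalid key; KEYS, QUOTA and the function names are hypothetical.

```python
import hashlib
import secrets

KEYS = {}                # sha256 hex digest -> {"user", "prefix", "revoked"}
QUOTA = {"tenant-a": 2}  # constructed sample: remaining calls per account


def _digest(key):
    return hashlib.sha256(key.encode()).hexdigest()


def issue_key(user):
    """Return the plaintext once; persist only its hash and display prefix."""
    key = "aeg_" + secrets.token_hex(24)  # assumption: 48 hex characters
    KEYS[_digest(key)] = {"user": user, "prefix": key[4:8], "revoked": False}
    return key


def redact(key):
    """Log-safe form: 'aeg_' plus the four-character prefix."""
    return key[:8] + "…"


def revoke(key):
    KEYS[_digest(key)]["revoked"] = True


def authenticate(headers):
    """Map a request's headers to the outcomes in the table on this page."""
    value = headers.get("Authorization")
    if value is None:
        return 401, "missing_api_key"
    # Lookup is by digest, so the server never needs the stored plaintext.
    # Assumption: a value without "Bearer " simply fails the lookup.
    record = KEYS.get(_digest(value.removeprefix("Bearer ")))
    if record is None or record["revoked"]:
        return 401, "invalid_api_key"
    if QUOTA.get(record["user"], 0) <= 0:
        return 402, "quota_exceeded"
    QUOTA[record["user"]] -= 1  # quota belongs to the account, not the key
    return 200, None
```

Because the store holds only digests, a lost key cannot be re-displayed, which is why rotation is the only recovery path.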
