# OX API Authentication

To start using the OX API, you need to get a new API token. After that, you can start sending requests.

OX API requests are subject to rate limits per API key.

| Limit type | Requests allowed        |
| ---------- | ----------------------- |
| Hourly     | 1,000 requests per hour |
| Daily      | 15,000 requests per day |

If a limit is reached, additional requests are blocked until the time window resets. For example, if you have fewer remaining daily requests than hourly requests, the daily limit becomes the active limit.

OX API responses include headers that indicate your current rate limit status.

| Header                | Description                                                                            |
| --------------------- | -------------------------------------------------------------------------------------- |
| `RateLimit-HourLimit` | Maximum number of requests allowed per hour.                                           |
| `RateLimit-DayLimit`  | Maximum number of requests allowed per day.                                            |
| `RateLimit-Limit`     | The active rate limit. This is the limit that will be reached first (hourly or daily). |
| `RateLimit-Remaining` | Number of remaining requests for the active limit.                                     |
| `RateLimit-Reset`     | Number of seconds until the active limit resets.                                       |

The active limit is determined by the most restrictive constraint at the time of the request.
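
A client-side check of these headers, as an added example (not OX's own code): it parses the `RateLimit-*` values from a response and returns how long to pause before the next request. The sample header values are constructed, and identifying the active window by comparing `RateLimit-Limit` with `RateLimit-HourLimit` and `RateLimit-DayLimit` is an assumption.

```python
from dataclasses import dataclass
from typing import Mapping, Optional


@dataclass(frozen=True)
class RateLimitStatus:
    window: str          # "hourly", "daily" or "unknown"
    remaining: int       # requests left in the active window
    reset_seconds: int   # seconds until the active window resets


def _to_int(value: Optional[str]) -> Optional[int]:
    try:
        return int(value.strip()) if value is not None else None
    except ValueError:
        return None


def parse_rate_limit(headers: Mapping[str, str]) -> Optional[RateLimitStatus]:
    """Read the RateLimit-* headers; return None if the active-limit ones are unusable."""
    h = {k.lower(): v for k, v in headers.items()}  # HTTP header names are case-insensitive
    limit = _to_int(h.get("ratelimit-limit"))
    remaining = _to_int(h.get("ratelimit-remaining"))
    reset = _to_int(h.get("ratelimit-reset"))
    if limit is None or remaining is None or reset is None:
        return None
    # Assumption: the active window is the one whose limit equals RateLimit-Limit.
    if limit == _to_int(h.get("ratelimit-hourlimit")):
        window = "hourly"
    elif limit == _to_int(h.get("ratelimit-daylimit")):
        window = "daily"
    else:
        window = "unknown"
    return RateLimitStatus(window, max(remaining, 0), max(reset, 0))


def seconds_to_wait(status: Optional[RateLimitStatus], reserve: int = 0) -> int:
    """Pause length before the next request; `reserve` holds requests back for
    other jobs that share the API key. Returns 0 when headers were unusable,
    so the caller should apply its own fixed pacing in that case."""
    if status is None or status.remaining > reserve:
        return 0
    return status.reset_seconds


# Constructed sample: the daily budget is exhausted, so the daily limit is active.
SAMPLE_DAILY = {"RateLimit-HourLimit": "1000", "RateLimit-DayLimit": "15000",
                "RateLimit-Limit": "15000", "RateLimit-Remaining": "0",
                "RateLimit-Reset": "5400"}

if __name__ == "__main__":
    status = parse_rate_limit(SAMPLE_DAILY)
    print(status, seconds_to_wait(status))
```

Setting `reserve` above zero makes a scheduled integration stop early, which leaves headroom on the same key for an interactive or incident-time query.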

### On-prem API URL

If your OX deployment is hosted on-prem, use your organization’s OX domain as the API base URL.

Use the following format:

`https://<CustomerDomain>/api/apollo-gateway`

Replace `<CustomerDomain>` with the domain of your on-prem OX environment.

The API path remains the same for both SaaS and on-prem deployments. Only the domain changes.

### API compatibility

To help avoid breaking existing integrations, OX does not introduce breaking changes to existing queries or mutations.

New APIs and fields may be added over time. Older APIs or fields may be marked as deprecated before they are retired.

If a breaking change is ever required, customers should be notified in advance.

## Step 1: Create a new API token \[OX]

1. Go to **Settings > API Key Settings**.
2. In the **API Key Settings** page, select **CREATE API KEY**.
3. In the **Create API Key** box, set the following and select **CREATE**.

* **API Key Name:** Add a meaningful name that is easy to identify. It is good practice to include the key's intended purpose in the name.
* **API Key Type:** Select **API Integration**.
* **Expiration Date:** The date until which you can use this key.

<figure><img src="/files/NrkprCFCL0gpGo0DxJXb" alt="" width="375"><figcaption></figcaption></figure>

4. Copy the **API Key Secret** to use when connecting to APIs. Save the key in a safe location. This is the only time you can see and copy the actual key.
5. Select **CLOSE**. The new key appears in the **API Key Settings** page.

<figure><img src="/files/TeI6vjpFo8QsXESTSJkL" alt=""><figcaption></figcaption></figure>

## Step 2: Send an authenticated request \[Postman]

1. In **Postman**, add the collection, and then:

* Select the request method `POST`.
* Use the API URL:
  * SaaS: `https://api.cloud.ox.security/api/apollo-gateway`
  * On-prem: `https://<CustomerDomain>/api/apollo-gateway`
* In **Headers** > **Authorization**, add the OX API key.

<figure><img src="/files/fIqT8r0fTfQEgvc4BR9H" alt=""><figcaption></figcaption></figure>

2. In the **Body** section, add the query and click **Send**.

<figure><img src="/files/0pVAeEQ30YM8b2MG96x3" alt=""><figcaption></figcaption></figure>


