Capture endpoints use network-layer IP allowlisting as the sole authentication mechanism. There are no API keys, bearer tokens, or request signatures.Documentation Index
Fetch the complete documentation index at: https://docs.nexroute.io/llms.txt
Use this file to discover all available pages before exploring further.
Setup
During onboarding, you provide the source IPs from which your service will POST submissions. nexroute restricts the partner endpoint to those IPs at the network layer. Requests from any other source are dropped before they reach the application.Why no application-layer auth
- Each partner has a dedicated endpoint with a small, known set of source IPs. The IP allowlist is sufficient
- Eliminates the ongoing burden of key rotation, secret storage, and compromise response
- The signed transaction itself is cryptographic authentication for the underlying user intent
Operational notes
- Coordinate IP changes in advance. Surprise IP rotations from your infrastructure will be rejected at the network layer until the allowlist is updated. Plan rollouts and notify nexroute beforehand.
- The endpoint is not exposed to the public internet outside the allowlisted perimeter. There is no health probe or open response from non-allowed IPs.
- Allowlist scope. Allowlists are scoped per-endpoint. Other partners’ endpoints are independently restricted; an IP allowed on yours has no access to anyone else’s.