Skip to content

Getting started

The API adds the standardized IPTC/PLUS AI-training opt-out field and checks whether an image carries it. It uses the same processing and verification code as the dashboard. The field records a machine-readable rights reservation and may deter some reuse; it is not a guarantee that AI systems will comply.

Availability Pro and Lifetime plans
Add the signal Counts one image against your issued key allowance
Protection safety limit Up to 10,000 protection operations per account per month across paid workflows
Verify an image No marking credit. Counts toward the image-check safety limit
Image-check safety limit Up to 50,000 actual image checks per account per month
Max upload 25 MB per image
Formats JPEG, PNG, WebP

API keys are issued by our team for approved integrations and shown once. Marking calls use one issued image credit and share the account’s monthly protection-operation limit. Verification calls use no marking credit, but share the monthly image-check safety limit.

Related launch limits also apply outside these two API endpoints: browser batches contain up to 25 images, repository scans are limited to 10 per user per day, and the opt-in private library is limited to 10 GB per account. A separate service-wide emergency ceiling of 250 repository scans per day can temporarily pause new repository scans for everyone. That ceiling is not an additional per-user allowance.

The production base URL is https://api.noaishield.com. The site’s API page shows the base URL for the deployment you are currently using, so local and self-hosted development can still point clients at a different server.

  1. Request API access from the public API page. The issued key is shown once, so store it safely.
  2. Add the opt-out field:
Terminal window
export NOAI_API_KEY=noai_your_key_here
curl -X POST https://api.noaishield.com/api/v1/protect \
-H "Authorization: Bearer $NOAI_API_KEY" \
-o response.json
  1. Decode the result and save it under the returned filename:
Terminal window
python3 - <<'EOF'
import base64, json
data = json.load(open("response.json"))
open(data["filename"], "wb").write(base64.b64decode(data["imageBase64"]))
print("saved", data["filename"], "signals:", data["signals"])
EOF

The produced file type can differ from the upload: pixel engines re-encode some formats (for example WebP in, PNG out), and mimeType/filename always describe the produced bytes. Always trust the response, not the input.

  1. Confirm the marked copy carries the field:
Terminal window
curl -X POST https://api.noaishield.com/api/v1/verify \
-H "Authorization: Bearer $NOAI_API_KEY" \
# -> { "optedOut": true, "signals": ["iptc.dataMining"], "provenance": { ... }, "fingerprint": { ... }, "sha256": "..." }

Next: Authentication for the key lifecycle, or Endpoints for the full reference.

Strictly necessary storage remembers your choice. See the privacy policy for details.