Getting started
The API adds the standardized IPTC/PLUS AI-training opt-out field and checks whether an image carries it. It uses the same processing and verification code as the dashboard. The field records a machine-readable rights reservation and may deter some reuse; it is not a guarantee that AI systems will comply.
Plans and metering
Section titled “Plans and metering”| Availability | Pro and Lifetime plans |
| Add the signal | Counts one image against your issued key allowance |
| Protection safety limit | Up to 10,000 protection operations per account per month across paid workflows |
| Verify an image | No marking credit. Counts toward the image-check safety limit |
| Image-check safety limit | Up to 50,000 actual image checks per account per month |
| Max upload | 25 MB per image |
| Formats | JPEG, PNG, WebP |
API keys are issued by our team for approved integrations and shown once. Marking calls use one issued image credit and share the account’s monthly protection-operation limit. Verification calls use no marking credit, but share the monthly image-check safety limit.
Related launch limits also apply outside these two API endpoints: browser batches contain up to 25 images, repository scans are limited to 10 per user per day, and the opt-in private library is limited to 10 GB per account. A separate service-wide emergency ceiling of 250 repository scans per day can temporarily pause new repository scans for everyone. That ceiling is not an additional per-user allowance.
Base URL
Section titled “Base URL”The production base URL is https://api.noaishield.com. The site’s API page shows the base URL for the deployment you are currently using, so local and self-hosted development can still point clients at a different server.
Your first call
Section titled “Your first call”- Request API access from the public API page. The issued key is shown once, so store it safely.
- Add the opt-out field:
export NOAI_API_KEY=noai_your_key_here
curl -X POST https://api.noaishield.com/api/v1/protect \ -H "Authorization: Bearer $NOAI_API_KEY" \ -o response.json- Decode the result and save it under the returned filename:
python3 - <<'EOF'import base64, jsondata = json.load(open("response.json"))open(data["filename"], "wb").write(base64.b64decode(data["imageBase64"]))print("saved", data["filename"], "signals:", data["signals"])EOFThe produced file type can differ from the upload: pixel engines re-encode some formats (for example WebP in, PNG out), and mimeType/filename always describe the produced bytes. Always trust the response, not the input.
- Confirm the marked copy carries the field:
curl -X POST https://api.noaishield.com/api/v1/verify \ -H "Authorization: Bearer $NOAI_API_KEY" \# -> { "optedOut": true, "signals": ["iptc.dataMining"], "provenance": { ... }, "fingerprint": { ... }, "sha256": "..." }Next: Authentication for the key lifecycle, or Endpoints for the full reference.