Authentication

All API requests require authentication using an API key. Learn how to obtain, use, and secure your API keys.

API Key Authentication

The Memory Scope API uses API key authentication. Every request must include your API key in the X-API-Key header.

Security First

API keys are sensitive credentials. Never expose them in client-side code, commit them to version control, or share them publicly. Treat them like passwords.

Request Format

Authentication Header

curl -X POST https://api.memoryscope.dev/memory \
  -H 'X-API-Key: sk_test_...' \
  -H 'Content-Type: application/json' \
  -d '{...}'

Getting an API Key

To get started, you'll need to create an API key from the developer console.

1. Sign up for an account

Sign up is currently in closed beta. Visit the sign up page for more information, or sign in if you already have an account.

2. Access the Developer Console

Navigate to the Developer Console after signing in.

3. Create your API key

Click "Create API Key", enter a name, and copy the key immediately - you won't see it again!

4. Manage your keys

From the console, you can view, rotate, delete, and monitor usage for all your API keys.

API Key Format

API keys follow this format:

sk_test_abc123xyz789...

sk_ - Prefix indicating this is a secret key

test_ or live_ - Environment indicator (test for development, live for production)

abc123xyz789... - Unique identifier

Error Responses

401 Unauthorized

Returned when the API key is missing, invalid, or expired.

{
  "detail": "Invalid API key"
}

Common Issues

Missing X-API-Key header
Incorrect API key format
API key has been revoked or deleted
Using test key in production or vice versa
API key expired (if expiration is enabled)

Security Best Practices

Use Environment Variables: Never hardcode API keys. Always use environment variables or secure configuration management.
Rotate Keys Regularly: Rotate your API keys periodically, especially if you suspect they may have been compromised.
Use Different Keys for Different Environments: Use separate API keys for development, staging, and production.
Never Commit Keys: Add .env to your .gitignore and never commit API keys to version control.
Use SDKs: The official SDKs handle authentication automatically and securely. See Libraries for available SDKs.
Monitor Usage: Regularly review API key usage to detect any suspicious activity.
Revoke Compromised Keys: If you suspect a key has been compromised, revoke it immediately and create a new one.
Limit Key Permissions: When available, use keys with limited permissions for different parts of your application.