Authentication

All API requests require authentication using an API key. This guide explains how to obtain and use API keys securely.

API Key Authentication

The Memory Scope API uses API key authentication. Every request must include your API key in the X-API-Key header.

Security First

API keys are sensitive credentials. Never expose them in client-side code, commit them to version control, or share them publicly. Treat them like passwords.

Getting an API Key

To get started, you'll need to create an API key from the developer console.

Step 1: Sign Up

Sign up is currently in closed beta. Visit the sign up page for more information, or sign in if you already have an account.

Step 2: Access the Developer Console

After signing in, navigate to the Developer Console to manage your API keys and account settings.

Step 3: Create Your API Key

In the Developer Console:

Click the "Create API Key" button
Enter a descriptive name for your key (e.g., "Production Key" or "Development Key")
Click "Create Key"
Important: Copy the key immediately - you won't be able to see it again!

Managing Your API Keys

From the Developer Console, you can:

View all your API keys and their usage statistics
Rotate keys when needed for security
Delete keys that are no longer in use
Monitor rate limits and usage per key
Set expiration dates for keys

Using API Keys

Include your API key in the X-API-Key header with every request.

API Key Usage

curl -X POST https://api.memoryscope.dev/memory \
  -H 'X-API-Key: sk_test_...' \
  -H 'Content-Type: application/json' \
  -d '{
    "user_id": "user123",
    "scope": "preferences",
    "domain": "food",
    "source": "explicit_user_input",
    "value_json": {
      "likes": ["pizza", "sushi"]
    }
  }'

Environment Variables

Store your API key in environment variables for security. Never hardcode API keys in your source code.

Environment Variables

# .env file
MEMORY_SCOPE_API_KEY=sk_test_...

# In your code
import os
from memory_scope import MemoryScopeClient

api_key = os.getenv("MEMORY_SCOPE_API_KEY")
client = MemoryScopeClient(api_key=api_key)

API Key Format

API keys follow this format:

sk_test_abc123xyz789...

sk_ - Prefix indicating this is a secret key
test_ or live_ - Environment indicator
abc123xyz789... - Unique identifier

Error Responses

401 Unauthorized

Returned when the API key is missing, invalid, or expired.

{
  "detail": "Invalid API key"
}

Common Issues

Missing X-API-Key header
Incorrect API key format
API key has been revoked or deleted
Using test key in production or vice versa

Best Practices

Use Environment Variables: Never hardcode API keys. Always use environment variables or secure configuration management.
Rotate Keys Regularly: Rotate your API keys periodically, especially if you suspect they may have been compromised.
Use Different Keys for Different Environments: Use separate API keys for development, staging, and production.
Never Commit Keys: Add .env to your .gitignore and never commit API keys to version control.
Use SDKs: The official SDKs handle authentication automatically and securely. See Libraries for available SDKs.
Monitor Usage: Regularly review API key usage to detect any suspicious activity.
Revoke Compromised Keys: If you suspect a key has been compromised, revoke it immediately and create a new one.

Next Steps

Storing Memories →Reading Memories →API Reference →