Skip to main content

API Key Authentication

Memory Machines uses API key authentication. Include your API key in the x-api-key header with every request. 
curl -X POST https://memorymachines-core-api-mvp-gateway-6v1lw71z.uc.gateway.dev/v1/memorize \
  -H "x-api-key: your_api_key_here" \
  -F "file=@document.txt" \
  -F "user_name=John Doe"
Keep your API key secure. Treat it like a password. Don’t commit it to version control or expose it in client-side code.

Getting an API Key

API keys are currently issued manually during the beta period.
1

Request Access

Email support@memorymachines.ai with:
  • Your name
  • Company/use case
  • Expected usage volume
2

Receive Your Key

We’ll provision your account and send your API key securely.
3

Test Your Key

Verify it works:
curl https://memorymachines-core-api-mvp-gateway-6v1lw71z.uc.gateway.dev/v1/health

Using Your API Key

Header Format

All authenticated requests require the x-api-key header:
HeaderValue
x-api-keyYour API key

Example Requests

curl -X POST https://memorymachines-core-api-mvp-gateway-6v1lw71z.uc.gateway.dev/v1/memories/ask \
  -H "x-api-key: mm_live_abc123..." \
  -F "text=What happened last week?"

Security Best Practices

Environment Variables

Store your API key in environment variables, not in code.
export MEMORYMACHINES_API_KEY=mm_live_...

Server-Side Only

Never expose your API key in client-side JavaScript. Make API calls from your backend.

Rotate if Compromised

If you suspect your key is compromised, contact us immediately for a new one.

One Key Per App

Use separate API keys for development and production environments.

Rate Limits

LimitValue
Requests per minute1,000
Max file size10 MB
Max query length1,000 characters
When you exceed rate limits, you’ll receive a 429 Too Many Requests response: 
{
  "detail": "Rate limit exceeded. Please retry after 60 seconds."
}
Implement exponential backoff in your application to handle rate limits gracefully.

Error Responses

401 Unauthorized

Your API key is missing or invalid. 
{
  "detail": "Invalid API key"
}
Solutions:
  • Verify the x-api-key header is included
  • Check for typos in your API key
  • Ensure your key hasn’t been revoked

403 Forbidden

Your API key is valid but you don’t have permission for this resource. 
{
  "detail": "You do not have permission to access this memory"
}
Solutions:
  • Verify you’re accessing your own data
  • Contact support if you believe this is an error

Data Isolation

Each API key is associated with a single user account. Your data is completely isolated:
  • Encryption: All your data is encrypted with a unique key tied to your account
  • Namespace: Your memories are stored in a separate namespace
  • Access Control: You can only access your own documents and memories
Memory Machines uses envelope encryption with Google Cloud KMS. Your encryption key never leaves Google’s infrastructure.