Authentication
Learn how to authenticate with the Memoid API using API keys, JWT tokens, and workspace keys. Includes security best practices.
Memoid uses API keys to authenticate requests.
Getting Your API Key
- Log in to your dashboard
- Navigate to your project settings
- Copy your API key
Your key will look like:
mem_sk_live_xxxxxxxxxxxxxxxxxxxxUsing Your API Key
Include the key in the Authorization header:
curl -X POST https://api.memoid.dev/v1/memories
-H "Authorization: Bearer mem_sk_live_xxxx"
-H "Content-Type: application/json"
-d '{"messages": [...]}'Key Types
| Type | Prefix | Use Case |
|---|---|---|
| Live | mem_sk_live_ | Production applications |
| Test | mem_sk_test_ | Development and testing |
Test keys use isolated data and don’t count toward usage limits.
Security Best Practices
Never expose keys in client-side code
API keys should only be used server-side. Never include them in:
- JavaScript bundles
- Mobile app code
- Public repositories
Use environment variables
Store your API key in environment variables rather than hardcoding:
export MEMOID_API_KEY=mem_sk_live_xxxxRotate keys regularly
Generate new keys periodically and revoke old ones.
Use separate keys per environment
Create different keys for development, staging, and production.
Rate Limits
| Plan | Requests/minute | Memories/month |
|---|---|---|
| Free | 60 | 10,000 |
| Pro | 600 | 100,000 |
| Enterprise | Unlimited | Unlimited |
Rate limit headers are included in all responses:
X-RateLimit-Limit: Maximum requests per minuteX-RateLimit-Remaining: Requests remainingX-RateLimit-Reset: Timestamp when limit resets
Troubleshooting
401 Unauthorized
- Check that your API key is correct
- Ensure the key hasn’t been revoked
- Verify the
Authorizationheader format
429 Too Many Requests
- You’ve exceeded rate limits
- Wait for the reset time or upgrade your plan