Skip to main content

Authentication

All API requests require an API key passed via the Authorization header.

Obtaining an API Key

  1. Navigate to a project in the MemoryLake console
  2. Go to the API Keys tab
  3. Click “Create API Key”
  4. Copy the generated secret (format: sk_xxxxxx)
The API key secret is shown only once at creation. Store it securely — it cannot be retrieved again.

Using API Keys

Include the API key in the Authorization header: 
Authorization: Bearer YOUR_API_KEY

Example Request

curl -X GET 'https://app.memorylake.ai/openapi/memorylake/api/v1/projects/proj-a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6' \
  -H 'Authorization: Bearer sk_xxxxxx' \
  -H 'Content-Type: application/json'

Response

{
  "success": true,
  "data": {
    "id": "proj-a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6",
    "name": "Research Project",
    "description": "Q1 2024 research"
  }
}

Error Responses

401 Unauthorized

Returned when the API key is missing or invalid: 
{
  "success": false,
  "message": "Unauthorized access",
  "error_code": "UNAUTHORIZED"
}
Solutions:
  • Verify API key is included in Authorization header
  • Check header format: Bearer YOUR_KEY
  • Ensure key hasn’t been deleted
  • Generate new key if lost

403 Forbidden

Returned when authentication is valid but the API key lacks sufficient permissions: 
{
  "success": false,
  "message": "Access denied to this resource",
  "error_code": "FORBIDDEN"
}
Solutions:
  • Verify project ID is correct
  • Check API key is for the correct project
  • Ensure resource exists

Security Best Practices

  • Store API keys in environment variables
  • Never commit keys to version control
  • Use secrets management services
  • Rotate keys periodically
  • Create separate keys per environment
  • Use descriptive names for keys
  • Delete unused keys promptly
  • Monitor key usage
  • Always use HTTPS
  • Don’t log API keys
  • Implement request timeouts
  • Handle errors gracefully

Next Steps

Projects API

Start making API requests

Error Handling

Handle API errors