Skip to main content

Authentication Methods

MemoryLake API supports two authentication methods:

1. Session Authentication

For web applications where users log in:
  • Session cookies automatically included
  • No additional headers needed
  • Inherits user permissions

2. API Key Authentication (MCP Servers)

For external applications and AI models:
  • Use API keys generated in projects
  • Include in Authorization header
  • Project-scoped access

API Key Authentication

Obtaining an API Key

  1. Navigate to a project
  2. Go to MCP Servers tab
  3. Click “Add MCP Server”
  4. Copy the generated secret
See Creating API Keys for details.

Using API Keys

Include API key in Authorization header: 
Authorization: Bearer YOUR_API_KEY

Example Request

curl -X GET 'https://app.memorylake.ai/api/memorylake/api/v1/projects/proj_123' \
  -H 'Authorization: Bearer mlk_secret_abc123xyz...' \
  -H 'Content-Type: application/json'

Response

{
  "success": true,
  "data": {
    "id": "proj_123",
    "name": "Research Project",
    "description": "Q1 2024 research"
  }
}

Error Responses

401 Unauthorized

API key missing or invalid: 
{
  "success": false,
  "message": "Unauthorized access",
  "code": "UNAUTHORIZED"
}
Solutions:
  • Verify API key is included in Authorization header
  • Check key format: Bearer YOUR_KEY
  • Ensure key hasn’t been deleted
  • Generate new key if lost

403 Forbidden

Valid authentication but insufficient permissions: 
{
  "success": false,
  "message": "Access denied to this resource",
  "code": "FORBIDDEN"
}
Solutions:
  • Verify project ID is correct
  • Check API key is for the correct project
  • Ensure resource exists

Security Best Practices

  • Store API keys in environment variables
  • Never commit keys to version control
  • Use secrets management services
  • Rotate keys periodically
  • Create separate keys per environment
  • Use descriptive names for keys
  • Delete unused keys promptly
  • Monitor key usage
  • Always use HTTPS
  • Don’t log API keys
  • Implement request timeouts
  • Handle errors gracefully

Next Steps

MCP Servers

Learn about API key generation

Drives API

Start making API requests

Error Handling

Handle API errors