Authentication

Memsolus uses API keys for all authentication. API keys are scoped, revocable, and support granular permissions.

Creating an API Key

1

Sign in to the dashboard

Log in at memsolus.com and navigate to Settings → API Keys.

2

Create a new key

Click New API Key and give it a descriptive name — for example, production-agent or crm-integration.

Select only the permissions your integration actually needs. Avoid creating keys with full access unless required.

3

Copy and store the key

The key is shown only once immediately after creation. Copy it and store it in a secrets manager or environment variable.

export MEMSOLUS_API_KEY="msk_live_..."

Keys starting with msk_live_ are production keys. Test keys start with msk_test_.

---

Using the Key

Pass your API key in the X-Api-Key header on every request:

curl https://api.memsolus.com/v1/memories \
  -H "X-Api-Key: msk_live_..."

import { Memsolus } from '@memsolus/sdk';

const client = new Memsolus({ apiKey: 'msk_live_...' });

// MCP server config
{
  "mcpServers": {
    "memsolus": {
      "command": "npx",
      "args": ["-y", "@memsolus/mcp"],
      "env": {
        "MEMSOLUS_API_KEY": "msk_live_..."
      }
    }
  }
}

---

Permissions

Each API key is scoped to one or more permissions. A key without the required permission receives 403 Forbidden.

Permission	What it allows
memory.read	List, search, and view memories
memory.write	Create and update memories
memory.delete	Delete memories
knowledge.read	View knowledge entries
knowledge.write	Create and update knowledge entries
knowledge.delete	Delete knowledge entries
export.read	List and download exports
export.write	Create export jobs
ingest.read	View ingestion job status
ingest.write	Submit files and URLs for ingestion
webhook.read	List webhooks and delivery history
webhook.write	Create and update webhooks
webhook.delete	Delete webhooks
dashboard.read	View usage statistics and alerts

---

Best Practices

• Use a separate key per integration — if a key is compromised, you can revoke it without affecting other services
• Grant minimum permissions — only add the permissions your integration actually uses
• Rotate keys regularly — create a new key, update your integration, then revoke the old one
• Never share keys — do not commit keys to source control or share them in chat messages
• Use environment variables — store the key in MEMSOLUS_API_KEY or your secrets manager, not hardcoded in code

---

API Reference

Full authentication API reference

→

SDK Quickstart

Authenticate in the SDK

→

MCP Configuration

Authenticate the MCP server

→