Authentication

The Memstate API uses API key authentication. Every request must include a valid API key.

Getting an API Key

Sign up at memstate.ai
Navigate to Dashboard → API Keys
Click “Create API Key” and give it a descriptive name
Copy the key immediately — it won't be shown again

Keep your API key secret

Never expose your API key in client-side code, public repositories, or browser requests. Use environment variables and server-side code to make API calls.

Using Your API Key

Include your API key in every request using one of these headers:

Option 1: X-API-Key Header (Recommended)

curl

curl -X POST https://api.memstate.ai/api/v1/memories/search \
  -H "Content-Type: application/json" \
  -H "X-API-Key: mst_your_api_key_here" \
  -d '{"query": "authentication setup"}'

Option 2: Authorization Bearer

curl

curl -X POST https://api.memstate.ai/api/v1/memories/search \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer mst_your_api_key_here" \
  -d '{"query": "authentication setup"}'

Language Examples

Python

import requests

API_KEY = "mst_your_api_key_here"
BASE_URL = "https://api.memstate.ai/api/v1"

headers = {
    "Content-Type": "application/json",
    "X-API-Key": API_KEY,
}

# Store a memory
response = requests.post(
    f"{BASE_URL}/memories/remember",
    headers=headers,
    json={
        "content": "Users authenticate via OAuth2 with Google",
        "keypath": "auth.oauth",
        "project_id": "my-app",
    },
)
print(response.json())

JavaScript / TypeScript

const API_KEY = process.env.MEMSTATE_API_KEY;
const BASE_URL = "https://api.memstate.ai/api/v1";

// Store a memory
const response = await fetch(`${BASE_URL}/memories/remember`, {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    "X-API-Key": API_KEY,
  },
  body: JSON.stringify({
    content: "Users authenticate via OAuth2 with Google",
    keypath: "auth.oauth",
    project_id: "my-app",
  }),
});

const data = await response.json();
console.log(data);

package main

import (
    "bytes"
    "encoding/json"
    "fmt"
    "net/http"
)

func main() {
    apiKey := "mst_your_api_key_here"
    baseURL := "https://api.memstate.ai/api/v1"

    body, _ := json.Marshal(map[string]string{
        "content":    "Users authenticate via OAuth2 with Google",
        "keypath":    "auth.oauth",
        "project_id": "my-app",
    })

    req, _ := http.NewRequest("POST", baseURL+"/memories/remember", bytes.NewBuffer(body))
    req.Header.Set("Content-Type", "application/json")
    req.Header.Set("X-API-Key", apiKey)

    resp, err := http.DefaultClient.Do(req)
    if err != nil {
        panic(err)
    }
    defer resp.Body.Close()

    fmt.Println("Status:", resp.StatusCode)
}

Multi-Tenant Isolation

Each API key is associated with an owner. All data operations are automatically scoped to that owner, ensuring complete isolation between accounts. You cannot access another user's memories, even if you know the memory ID.

Error Responses

401 Unauthorized

{
  "error": "Invalid or missing API key"
}

This error occurs when the API key is missing, invalid, expired, or revoked. Check that you're including the correct header and that the key is still active in your dashboard.

Rate Limits

Rate limits depend on your plan. See the pricing page for details. When you exceed your rate limit, the API returns a 429 Too Many Requests status.