Authentication
API authentication methods. API keys, OAuth tokens, and agent tokens.
All Memax API requests require authentication. There are two authentication methods:
API keys
API keys are long-lived credentials for programmatic access. Generate them from the web app at Settings > API Keys.
curl -H "Authorization: Bearer mk_your_api_key_here" \
https://api.memaxlabs.com/v1/memoriesAPI keys:
- Start with
mk_ - Have full access to your account
- Don't expire (but can be revoked)
- Should never be committed to version control
API keys grant full access to your Memax account. Treat them like passwords. Use environment variables, not hardcoded values.
OAuth tokens
The CLI and web app use OAuth2 (GitHub or Google) to authenticate. The flow produces short-lived access tokens and long-lived refresh tokens.
| Token type | Lifetime | Use case |
|---|---|---|
| Access token | 1 hour | API requests |
| Refresh token | 30 days | Obtaining new access tokens |
OAuth tokens are managed automatically by the CLI (memax login) and web app. You typically don't need to handle them directly.
Agent tokens
For MCP servers and hooks, the CLI generates scoped tokens that are tied to a specific device and agent. These are managed automatically by memax setup and memax mcp serve.
Using the SDK
The SDK handles authentication for you:
import { MemaxClient } from "memax-sdk";
// API key
const memax = new MemaxClient({
apiKey: process.env.MEMAX_API_KEY!,
});
// All requests are automatically authenticated
const results = await memax.recall("query");Environment variables
| Variable | Description |
|---|---|
MEMAX_API_KEY | API key for authentication |
MEMAX_API_URL | Custom API base URL |