Authentication
API keys and security best practices
Learn how to authenticate with the Memory API, manage API keys, and implement security best practices for your applications.
API Key Authentication
All requests to the Memory API must include your API key in the Authorization header using the Bearer token format:
Authorization: Bearer YOUR_API_KEY// Using fetch
const response = await fetch('https://api.aisnapbuild.com/v1/memory', {
method: 'POST',
headers: {
'Authorization': `Bearer ${process.env.AISNAPBUILD_API_KEY}`,
'Content-Type': 'application/json'
},
body: JSON.stringify({
content: "User prefers dark mode",
entityId: "user_123"
})
});
// Using the SDK (recommended)
import { MemoryClient } from '@aisnapbuild/memory';
const memory = new MemoryClient({
apiKey: process.env.AISNAPBUILD_API_KEY
});Getting Your API Key
- 1
Sign in to your dashboard
Go to aisnapbuild.com/dashboard and sign in with your account.
- 2
Navigate to API Keys
Click on "Settings" in the sidebar, then select the "API Keys" tab.
- 3
Generate a new key
Click "Generate New Key", give it a name, and select the appropriate permissions. Copy your key immediately—it won't be shown again.
Security Best Practices
Never expose in client code
API keys should only be used in server-side code. Never include them in browser JavaScript, mobile apps, or public repositories.
Use environment variables
Store API keys in environment variables (e.g., AISNAPBUILD_API_KEY) rather than hardcoding them in your codebase.
Rotate keys regularly
Generate new API keys periodically and revoke old ones. This limits exposure if a key is compromised.
Use scoped keys
Create separate API keys for different environments (development, staging, production) with appropriate permissions.
Important Security Note
If you believe your API key has been compromised, revoke it immediately from your dashboard and generate a new one. All requests using the old key will be rejected.
Key Rotation
To rotate your API key without downtime, follow these steps:
- 1.Generate a new API key from your dashboard
- 2.Update your environment variables with the new key
- 3.Deploy your application with the new key
- 4.Verify the new key is working correctly
- 5.Revoke the old API key from your dashboard
Rate Limits
API rate limits are based on your subscription plan. Exceeding these limits will result in429 Too Many Requests responses.
| Plan | Requests/min | Burst |
|---|---|---|
| Free | 100/min | 10/sec |
| Developer | 1,000/min | 50/sec |
| Scale | 10,000/min | 200/sec |
| Enterprise | Custom | Custom |
Authentication Errors
Missing or invalid API key. Check that your Authorization header is correctly formatted.
Your API key doesn't have permission for this operation. Check your key's scopes.
You've exceeded your rate limit. Back off and retry with exponential backoff.