Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.engramme.com/llms.txt

Use this file to discover all available pages before exploring further.

API Key Authentication

Engramme uses API key authentication for the public memory API. Include your key in the x-api-key header on every authenticated request. 
curl -X POST https://memorymachines-gateway-prod-btf57kda.uc.gateway.dev/v1/memorize \
  -H "x-api-key: $ENGRAMME_API_KEY" \
  -F "file=@document.txt" \
  -F "user_name=Jane Doe" \
  -F "source_type=text"
Keep your API key secure. Treat it like a password. Don’t commit it to version control or expose it in client-side code.

Getting an API Key

Create and manage API keys in app.engramme.com.
1

Sign in

Sign in to the Engramme app with Google.
2

Open API key management

Create a key with a name and billing account. New keys are shown once, so copy the value before closing the dialog.
3

Choose source access

Select All Sources for broad access, or Specific Sources to restrict the key to selected source types.
4

Use the key

Store the key in an environment variable, such as ENGRAMME_API_KEY, and send it with the x-api-key header.

Header Format

Authenticated API requests require the x-api-key header:
HeaderValue
x-api-keyYour API key

Source Access

API keys can be scoped by source type:
  • All Sources: the key can access all supported source types.
  • Specific Sources: the key can access only the selected source types.
  • No File Access: no sources are selected, so the key has no file/source access.
If a key is restricted and you use a source outside its allowed list, the API returns a 403. See Source Types for valid source_type values.

Example Requests

curl -X POST https://memorymachines-gateway-prod-btf57kda.uc.gateway.dev/v1/memories/recall \
  -H "x-api-key: $ENGRAMME_API_KEY" \
  -F "text=team meetings"

Security Best Practices

  • Store API keys in environment variables or a secret manager.
  • Make API calls from your backend; do not expose API keys in client-side JavaScript.
  • Use separate keys for different apps, environments, or integrations.
  • Use source-scoped keys when an app only needs one source type.
  • Regenerate or delete keys you suspect are compromised. The default key cannot be deleted; regenerate it instead.

Data Isolation

Each API key is associated with a user account. API keys can only access data available to that account and, when scoped, the selected source types. For limits, status codes, and retry behavior, see Errors and Limits.