API Key Authentication
Engramme uses API key authentication for the public memory API. Include your key in thex-api-key header on every authenticated request.
Getting an API Key
Create and manage API keys in app.engramme.com.1
Sign in
Sign in to the Engramme app with Google.
2
Open API key management
Create a key with a name and billing account. New keys are shown once, so copy the value before closing the dialog.
3
Choose source access
Select All Sources for broad access, or Specific Sources to restrict the key to selected source types.
4
Use the key
Store the key in an environment variable, such as
ENGRAMME_API_KEY, and send it with the x-api-key header.Header Format
Authenticated API requests require thex-api-key header:
Source Access
API keys can be scoped by source type:- All Sources: the key can access all supported source types.
- Specific Sources: the key can access only the selected source types.
- No File Access: no sources are selected, so the key has no file/source access.
403.
See Source Types for valid source_type values.
Example Requests
Security Best Practices
- Store API keys in environment variables or a secret manager.
- Make API calls from your backend; do not expose API keys in client-side JavaScript.
- Use separate keys for different apps, environments, or integrations.
- Use source-scoped keys when an app only needs one source type.
- Regenerate or delete keys you suspect are compromised. The default key cannot be deleted; regenerate it instead.

