> ## Documentation Index
> Fetch the complete documentation index at: https://docs.engramme.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Source Access

> Use all-source or source-scoped API keys

Source access controls which kinds of data an API key can use. Use this to create least-privilege keys for integrations and apps.

## Access Modes

| Mode                 | Meaning                                                                                                |
| -------------------- | ------------------------------------------------------------------------------------------------------ |
| **All Sources**      | The key can access all supported source types. Use this for quickstarts and trusted backend services.  |
| **Specific Sources** | The key can access only selected source types. Use this for app-specific or integration-specific keys. |
| **No File Access**   | No sources are selected, so the key has no file/source access.                                         |

When a request uses a source outside the key's allowed list, the API returns `403`.

## Source Type vs Integration

`source_type` is the value stored with memory data, such as `text`, `email`, `github`, or `google_meets`.

Some app integrations have provider names that differ from API source types. For example, hosted integrations are connected in the Engramme app, while API uploads should use the source IDs listed in [Source Types](/reference/source-types).

## Recommendations

* Use **All Sources** while testing.
* Use **Specific Sources** for production apps that only need one data type.
* Use separate keys for separate apps or environments.
* Include `text` access for the quickstart examples.
