Authentication#

Show me your ID, please 🪪

Every API request needs authentication. Think of it like a VIP pass to your AI memory party—no token, no entry!

Get Your API Token#

The 30-Second Method#

1. Visit dashboard.memof.ai/access-tokens
2. Click "Create New Token" (the big shiny button)
3. Copy your token (starts with moa_...)
4. Keep it secret, keep it safe 🧙‍♂️

Token Format#

Your token looks like this:

Notice the moa_ prefix? That stands for "Memory of Agents" (we're creative like that).

Using Your Token#

Header Authentication#

Add your token to the Authorization header with the Bearer prefix:

Authorization: Bearer moa_your_token_here

Complete Example#

curl -H "Authorization: Bearer moa_your_token_here" \
     -H "Content-Type: application/json" \
     https://api.memof.ai/api/workspaces/workspaces

Testing Your Token#

Is it working? Let's find out! 🔍

# This should return your workspaces
curl -H "Authorization: Bearer moa_your_token" \
     https://api.memof.ai/api/workspaces/workspaces

Success: You'll see a JSON response with your workspaces 🎉
Failure: You'll get a 401 error (token's invalid, sorry!) 😢

Common Authentication Errors#

401 Unauthorized#

{
  "error": {
    "code": "AUTHENTICATION_ERROR",
    "message": "Invalid or missing API token"
  }
}

Translation: Your token is wrong, missing, or you forgot the Bearer prefix.

403 Forbidden#

{
  "error": {
    "code": "FORBIDDEN",
    "message": "Insufficient permissions"
  }
}

Translation: Your token works, but you don't have permission for that action.

Security Best Practices#

DO ✅#

• Store tokens securely - Use environment variables
• Use HTTPS - We only accept HTTPS (localhost gets a pass)
• Rotate tokens regularly - New month, new token
• Different tokens for different environments - Dev, staging, production

DON'T ❌#

• Hardcode tokens - Git history never forgets
• Commit tokens - GitHub will yell at you
• Share tokens publicly - Seriously, don't
• Use production tokens in development - Keep them separated

Environment Variables#

The smart way to handle tokens:

# ~/.bashrc or ~/.zshrc
export MEMOFAI_API_TOKEN="moa_your_token_here"

# Then use it
curl -H "Authorization: Bearer $MEMOFAI_API_TOKEN" \
     https://api.memof.ai/api/workspaces/workspaces

Rate Limits#

We're generous, but not infinite 🎟️

• 1000 requests/hour - Per token
• 100 requests/minute - Burst limit

Rate limit headers in every response:

X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 999
X-RateLimit-Reset: 1640995200

Token Management#

Creating Tokens#

Visit dashboard.memof.ai/access-tokens to create new tokens.

Revoking Tokens#

Compromised token? Revoke it instantly from the dashboard. All requests with that token will immediately fail.

Multiple Tokens#

You can create multiple tokens for:

• Different applications
• Different environments
• Different team members
• Testing and production

What's Next?#

Now that you're authenticated, time to:

• Create a Workspace - Your first step
• Build a Bot - Give it personality
• Store Memories - Make it smart

Remember: With great power comes great API tokens! 💪