Skip to main content
Memic uses API key authentication. Every request must include your key in the X-API-Key header: 
curl https://api.memic.ai/api/v1/me \
  -H "X-API-Key: mk_live_..."
If the header is missing or invalid, the API returns 401 Unauthorized.

Getting an API key

  1. Sign in to the Memic dashboard
  2. Navigate to your environment (for example production)
  3. Go to API Keys, click Create key
  4. Copy the key — it’s shown only once
Store API keys as secrets. Never commit them to source control. Use environment variables (MEMIC_API_KEY) or a secret manager.

What an API key represents

Every Memic API key is bound to exactly one environment. When Memic receives a request, it resolves the full context (organization, project, environment, folder access) from the key alone. That’s why endpoint URLs don’t take org_id, project_id, or environment_slug as path parameters. 
# You do this:
POST /api/v1/search

# Not this:
POST /api/v1/organizations/{org_id}/projects/{project_id}/environments/{slug}/search
Call GET /me to see exactly what context your key resolves to: 
{
  "organization_id": "fc4dab50-...",
  "organization_name": "Acme Corp",
  "project_id": "49d4ff53-...",
  "project_name": "Tech companies",
  "environment_id": "...",
  "environment_slug": "production"
}

Switching environments

Because each key is tied to one environment, switching environments means swapping keys — not changing URLs: 
# staging
client = Memic(api_key="mk_live_staging_...")

# production — same code, different key
client = Memic(api_key="mk_live_prod_...")
This is what makes Memic multi-tenant-safe by default: you can’t accidentally call a search endpoint against the wrong environment, because the key wouldn’t have access.

Rotating keys

Best practice:
  1. Create a new key in the dashboard
  2. Deploy it to your application
  3. Delete the old key
Memic does not enforce key expiration, but you should rotate keys at least annually, and immediately if you suspect a key has been compromised.

Revoking a compromised key

Deleting a key in the dashboard takes effect immediately. Any in-flight requests using the old key will complete, but new requests will return 401 Unauthorized within seconds.

Errors

Error response format and codes.

Core concepts

How environments isolate tenants.