- Workspace-scoped API auth for the standard
/v1/memories/*and workspace dashboard APIs - Cross-agent auth for
/v1/universal/*, where both an agent key and a user UUI token are required
Tenant API key format
Send your API key in theAuthorization header:
mem_ prefix.
Use exactly this header format:Wrong examples that triggerAUTH_001:
Cross-agent auth format
For the universal memory APIs, send two credentials together:agent_sk_...identifies the agent making the requestuui_...identifies the user who granted or denied access
agent_sk_... key is created when your workspace registers a global agent:
raw_agent_api_key once. Store it in your backend secret manager or environment variables.
If either header is missing or invalid, the universal APIs return:
403code: UAT_001
403code: UAT_002
Identity model
Every request combines:- Tenant identity from the API key
- End-user identity from
external_user_id
- Agent identity comes from
agent_sk_... - User identity comes from
uui_... - Permission scope comes from the active grant between that user and that agent
- Human identity comes from email plus OTP
- Consent session comes from a signed session token
- Agent API calls still use
agent_sk_...plusuui_...
Common authentication mistakes
| Mistake | What happens | Correct version |
|---|---|---|
| Sending the raw key only | AUTH_001 unauthorized | Authorization: ApiKey mem_... |
Using Bearer mem_... | AUTH_001 unauthorized | Authorization: ApiKey mem_... |
Calling /v1/universal/* with only one credential | UAT_001 cross_agent_auth_failed | Send both Authorization: ApiKey agent_sk_... and X-MemoryOS-UUI: uui_... |
| Using a revoked or expired UUI grant | Universal retrieve returns no memories or write is denied | Re-run the consent flow to create an active grant |
Asking users to remember raw uui_... tokens | Users lose access or get confused | Use email plus OTP in the consent app |
Forgetting external_user_id on tenant routes | REQ_422 or tenant resolution errors | Always include external_user_id in write and retrieve requests |
| Reusing a key from the wrong tenant | Data is scoped to the wrong workspace | Use one API key per tenant/workspace |
| Storing the key in browser code | Secret leaks to clients | Keep MemoryOS API keys server-side |
Key permissions
API keys store a permissions array. Current integrations commonly use these values:| Permission | Intended use |
|---|---|
read | Retrieve memories and read list/export data |
write | Add new memories and create ingestion jobs |
delete | Delete memories or perform GDPR-style cleanup operations |
admin | Internal or operational actions where a key needs broad control |
Cross-agent permission model
Agent API keys do not automatically grant access to user memories. For universal memory access, all of the following must be true:- the agent is active
- the user exists and has a valid
uui_...token - the user granted this specific agent access
- the memory category being accessed is inside
categories_allowed
Security best practices
Keep MemoryOS API keys on the server only.
- Load them from environment variables
- Rotate keys if they are exposed
- Use separate keys for dev, staging, and production
- Never commit keys to source control
- Never send MemoryOS API keys to the browser
- Never log
uui_...tokens in analytics or frontend error payloads- Treat
agent_sk_...keys like any other server-side credential