OpenMemoryX uses two authentication methods:

1. JWT Token (Portal)

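Used for user portal authentication. The token is obtained after login and should be stored in LocalStorage. Any script running on the portal's origin can read LocalStorage, so a cross-site scripting flaw in the portal exposes the token.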
POST /api/auth/login

Parameter | Type | Required | Description
username | string | required | User email address
password | string | required | User password

Response

{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "bearer"
}

Using the Token

Include the token in the Authorization header:
curl https://t0ken.ai/api/auth/me \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

2. API Key (API Requests)

Used for all API operations. Include your API key in the X-API-Key header.

Obtaining an API Key

API keys are automatically created when you register. You can also create additional keys:
POST /api/keys

Using API Keys

curl https://t0ken.ai/api/v1/memories \
  -H "X-API-Key: omx_your_api_key_here"

Never expose your API key in client-side code. Use environment variables or secure key management.

Authentication Errors

Status | Error | Description
401 | Invalid token | JWT token is invalid or expired
401 | Invalid API Key | API key is invalid or revoked
403 | Forbidden | Insufficient permissions

Security Best Practices

  1. Rotate keys regularly - Delete old keys and create new ones periodically
  2. Use environment variables - Never hardcode API keys
  3. Limit key exposure - Create separate keys for different environments
  4. Monitor usage - Check stats regularly for unexpected activity
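
One way to enforce practice 2 before code is committed: a scanner that flags hardcoded omx_ API keys and complete JWTs in source files. This is an added example, not OpenMemoryX code. The key pattern (16 or more URL-safe characters after the omx_ prefix) and the OMX_API_KEY variable name are assumptions, and the sample input is constructed.

```python
import re
import sys

# Assumption: keys are "omx_" plus 16+ URL-safe characters. The docs show only
# the prefix, so adjust the pattern to the real key format.
API_KEY_RE = re.compile(r"\bomx_[A-Za-z0-9_-]{16,}")
# A JWT is three base64url segments; a JSON header always encodes to "eyJ...".
JWT_RE = re.compile(r"\beyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}")
PLACEHOLDERS = {"omx_your_api_key_here"}  # the docs' own example value

# Constructed sample; OMX_API_KEY is a hypothetical variable name.
SAMPLE = '''\
import os
API_KEY = "omx_3fA9xQ72LmNp0ZrT5vWb"   # hardcoded: flagged
DOCS_KEY = "omx_your_api_key_here"       # placeholder: ignored
key = os.environ["OMX_API_KEY"]          # read from environment: clean
auth = "Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJlX2RlbW8"
'''


def redact(secret: str) -> str:
    """Keep enough of the value to locate it without re-leaking it."""
    return f"{secret[:8]}...({len(secret)} chars)"


def scan(text: str, path: str = "<memory>"):
    """Return (path, line_no, kind, redacted_value) per hardcoded credential."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in (("api_key", API_KEY_RE), ("jwt", JWT_RE)):
            for match in pattern.finditer(line):
                if match.group(0) not in PLACEHOLDERS:
                    findings.append((path, line_no, kind, redact(match.group(0))))
    return findings


if __name__ == "__main__":
    results = []
    for name in sys.argv[1:]:
        with open(name, encoding="utf-8", errors="replace") as handle:
            results += scan(handle.read(), name)
    if not sys.argv[1:]:
        results = scan(SAMPLE)  # no files given: scan the constructed sample
    for path, line_no, kind, value in results:
        print(f"{path}:{line_no}: hardcoded {kind} {value}")
    sys.exit(1 if results else 0)  # non-zero exit blocks the commit
```

Run it with file paths as arguments from a pre-commit hook or CI step. Any key it finds should be deleted and replaced, as in practice 1.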