> ## Documentation Index
> Fetch the complete documentation index at: https://docs.t0ken.ai/llms.txt
> Use this file to discover all available pages before exploring further.
# Authentication
> How to authenticate with the OpenMemoryX API
OpenMemoryX uses two authentication methods:
## 1. JWT Token (Portal)
Used for user portal authentication. The token is obtained after login and should be stored in LocalStorage.
```bash theme={null}
POST /api/auth/login
```
User email address
User password
### Response
```json theme={null}
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"token_type": "bearer"
}
```
### Using the Token
Include the token in the `Authorization` header:
```bash theme={null}
curl https://t0ken.ai/api/auth/me \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
```
## 2. API Key (API Requests)
Used for all API operations. Include your API key in the `X-API-Key` header.
### Obtaining an API Key
API keys are automatically created when you register. You can also create additional keys:
```bash theme={null}
POST /api/keys
```
### Using API Keys
```bash theme={null}
curl https://t0ken.ai/api/v1/memories \
-H "X-API-Key: omx_your_api_key_here"
```
Never expose your API key in client-side code. Use environment variables or secure key management.
## Authentication Errors
| Status | Error | Description |
| ------ | ----------------- | ------------------------------- |
| 401 | `Invalid token` | JWT token is invalid or expired |
| 401 | `Invalid API Key` | API key is invalid or revoked |
| 403 | `Forbidden` | Insufficient permissions |
## Security Best Practices
1. **Rotate keys regularly** - Delete old keys and create new ones periodically
2. **Use environment variables** - Never hardcode API keys
3. **Limit key exposure** - Create separate keys for different environments
4. **Monitor usage** - Check stats regularly for unexpected activity