Skip to main content
POST
/
api-keys
Create a personal API key
curl --request POST \
  --url https://api.mnemom.ai/v1/api-keys \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "Default",
  "scopes": [
    "gateway",
    "api:read",
    "api:write"
  ]
}
'
{
  "key_id": "<string>",
  "key": "<string>",
  "key_prefix": "<string>",
  "name": "<string>",
  "org_id": "<string>",
  "scopes": [],
  "created_at": "2023-11-07T05:31:56Z",
  "last_used_at": "2023-11-07T05:31:56Z"
}

Documentation Index

Fetch the complete documentation index at: https://docs.mnemom.ai/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

Authorization
string
header
required

Supabase JWT token in Authorization: Bearer header

Body

application/json
name
string
default:Default

Friendly name for the key (e.g., "ci-prod", "local-dev"). Capped at 100 characters; longer names are truncated server-side.

Maximum string length: 100
scopes
enum<string>[]

Capability set for this key. If omitted, the API substitutes the default. Admin scopes (admin:org, admin:platform) are gated by the requester's current role and return HTTP 403 at mint time if the requester is not eligible.

Capability-based scope (ADR-049). gateway permits gateway-worker traffic; api:read and api:write permit identity-scoped GET and write endpoints respectively; admin:org permits org-admin operations on orgs the bearer owns/admins (per-request membership re-check); admin:platform permits /v1/admin/* Mnemom-staff operations (per-request staff-role re-check). The legacy api scope is accepted for backward compatibility and aliased to api:read + api:write at the auth gate; new keys should use the canonical vocabulary.

Available options:
gateway,
api:read,
api:write,
admin:org,
admin:platform,
api

Response

API key created (secret shown once)

key_id
string
key
string

Full secret key, only returned on creation

key_prefix
string
name
string
org_id
string | null
scopes
enum<string>[]

Capabilities granted to this key. Default for new keys is ["gateway", "api:read", "api:write"]. Admin scopes (admin:org, admin:platform) are opt-in and gated by the requester's role at mint time. See API Keys → Scope vocabulary.

Capability-based scope (ADR-049). gateway permits gateway-worker traffic; api:read and api:write permit identity-scoped GET and write endpoints respectively; admin:org permits org-admin operations on orgs the bearer owns/admins (per-request membership re-check); admin:platform permits /v1/admin/* Mnemom-staff operations (per-request staff-role re-check). The legacy api scope is accepted for backward compatibility and aliased to api:read + api:write at the auth gate; new keys should use the canonical vocabulary.

Available options:
gateway,
api:read,
api:write,
admin:org,
admin:platform,
api
created_at
string<date-time>
last_used_at
string<date-time> | null