Mnemos AI
Developers

Authentication

The Mnemos API uses bearer tokens. Every request is scoped, audited, and bound to a tenant.

Bearer tokens

request
curl https://api.mnemos.ai/v1/sessions \
  -H "Authorization: Bearer mk_live_01HZX..." \
  -H "Content-Type: application/json"

Keys are prefixed by environment:

  • mk_live_ — production tenants.
  • mk_test_ — sandbox tenants. Identical surface, real data isolation.
  • mk_int_ — partner-issued integration keys.

Key types

See the API keys admin guide for full coverage. In short:

  • Workspace keys — service principal of a workspace.
  • User keys — bound to a user; capped at their role.
  • Integration keys — issued to a registered partner connector.

Scopes

A request that lacks the necessary scope returns 403 permission_denied with the missing scope named in detail.

error
{
  "type": "https://errors.mnemos.ai/permission_denied",
  "title": "Permission denied",
  "status": 403,
  "detail": "API key is missing the 'graph:write' scope.",
  "instance": "req_01HZX..."
}

SDKs

Official SDKs handle key rotation, retries, and signed-webhook verification:

install
npm install @mnemos/sdk
# or
pip install mnemos
# or
go get github.com/mnemos-ai/mnemos-go
typescript
import { Mnemos } from "@mnemos/sdk";

const mnemos = new Mnemos({ apiKey: process.env.MNEMOS_API_KEY! });

const answer = await mnemos.chat.ask({
  question: "How do we close month-end revenue?",
});
console.log(answer.citations);
Never expose live keys to the browser

The Mnemos API expects calls from server-side environments. For end-user interfaces, exchange your server-issued bearer for a short-lived session token via POST /v1/auth/session-token and use that in the browser.