API Keys

API keys authenticate your agent’s requests to HyperMemory. Every request must include a valid key.

What is an API key?

An API key is a unique token that:

Identifies your account — Links requests to your HyperMemory subscription
Authorizes access — Determines what operations you can perform
Tracks usage — Associates queries with your billing

API keys look like this:

hm_live_abc123xyz456def789ghi012jkl345mno678

Creating an API key

Step 1: Open the dashboard

Go to app.hypermemory.io and sign in.

Step 2: Navigate to API Keys

Click Settings → API Keys in the sidebar.

Step 3: Create a new key

Click Create New Key
Enter a descriptive name (e.g., “Production Agent”, “Development Testing”)
Select the scopes you need (see Scopes & Permissions)
Click Create

Step 4: Copy your key

Your key is shown only once. Copy it immediately and store it securely. You cannot retrieve it later.

Using your API key

Include your key in the Authorization header of every request:

Authorization: Bearer hm_live_abc123xyz...

Configuration examples

Claude
Python
cURL

{
  "mcpServers": {
    "hypermemory": {
      "type": "url",
      "url": "https://api.hypermemory.io/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_API_KEY"
      }
    }
  }
}

import os
import httpx

response = httpx.post(
    "https://api.hypermemory.io/mcp",
    headers={
        "Authorization": f"Bearer {os.environ['HYPERMEMORY_API_KEY']}"
    },
    json=payload
)

curl -X POST https://api.hypermemory.io/mcp \
  -H "Authorization: Bearer $HYPERMEMORY_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/call",...}'

Key prefixes

API keys have prefixes that indicate their environment:

Prefix	Environment	Usage
`hm_live_`	Production	Live applications, real data
`hm_test_`	Testing	Development, CI/CD, experiments

Test keys work with a sandbox environment that doesn’t affect your production data or billing (queries still count against limits for testing purposes).

Security best practices

Never commit keys to version control

❌ Bad:

API_KEY = "hm_live_abc123..."  # Hardcoded

✅ Good:

API_KEY = os.environ["HYPERMEMORY_API_KEY"]  # Environment variable

Use environment variables

macOS/Linux
Windows
.env file

# Add to ~/.bashrc or ~/.zshrc
export HYPERMEMORY_API_KEY="hm_live_abc123..."

Use secrets management in production

For production deployments, use proper secrets management:

AWS — AWS Secrets Manager or Parameter Store
GCP — Secret Manager
Azure — Key Vault
Kubernetes — Secrets
Docker — Docker secrets

Rotate keys periodically

Even if not compromised, rotate keys on a schedule:

Create a new key
Update all applications to use the new key
Verify everything works
Revoke the old key

Use least-privilege scopes

Only request the scopes your application needs:

Read-only agents → memory:read only
Full agents → memory:read + memory:write
Admin tools → add memory:admin

See Scopes & Permissions for details.

Key limits by plan

Plan	Max Keys
Free	1
Developer	5
Pro	20
Enterprise	Unlimited

Troubleshooting

401 Unauthorized

Your key is invalid or missing:

Check for typos (extra spaces, missing characters)
Verify the key hasn’t been revoked
Ensure format is Bearer KEY (with space)

403 Forbidden

Your key doesn’t have the required scope:

Check the operation’s required scope in the API reference
Create a new key with the needed scope
Or request additional scopes for existing key

Next steps

Managing Keys

View, rotate, and revoke keys

Scopes & Permissions

Understand what each scope allows