API Keys
Manage API keys for authenticating with the MemoryRelay API. Keys are prefixed with mem_prod_ and use SHA-256 hashing for secure storage. The full key is only returned once at creation time.
Each API key has a set of scopes that control what operations it can perform:
| Scope | Permissions |
|---|---|
read | List and retrieve resources |
write | Create and update resources |
delete | Delete resources |
admin | Manage API keys and account settings |
Create API Key
POST /v1/keys
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
name | string | No | Human-readable key name (max 255 characters) |
scopes | array | No | Key permissions (default: ["read", "write"]). Options: read, write, delete, admin |
expires_days | integer | No | Key expiration in days from now (1-365). Omit for no expiration |
daily_spend_limit_usd | float | No | Daily spending limit in USD (null = unlimited) |
monthly_spend_limit_usd | float | No | Monthly spending limit in USD (null = unlimited) |
Response 201 Created
{
"key": "mem_prod_a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2",
"key_info": {
"id": "k1a2b3c4-d5e6-7890-abcd-ef1234567890",
"name": "production-agent",
"key_prefix": "mem_prod_a1b",
"scopes": ["read", "write"],
"created_at": "2026-03-17T10:00:00Z",
"last_used_at": null,
"expires_at": "2027-03-17T10:00:00Z",
"revoked_at": null,
"deprecated_at": null,
"auto_revoke_at": null,
"is_active": true,
"daily_spend_limit_usd": null,
"monthly_spend_limit_usd": null,
"spend_info": null
}
}
The key field contains the full API key. Store it immediately -- it will never be shown again. Only the key_prefix is stored for identification.
curl
curl -X POST https://api.memoryrelay.net/v1/keys \
-H "Authorization: Bearer $MEMORYRELAY_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "production-agent",
"scopes": ["read", "write"],
"expires_days": 365
}'
Python SDK
from memoryrelay import MemoryRelay
client = MemoryRelay(api_key="mem_prod_...")
result = client.keys.create(
name="production-agent",
scopes=["read", "write"],
expires_days=365,
)
print(f"New key: {result.key}") # Store this securely!
print(f"Key ID: {result.key_info.id}")
List API Keys
GET /v1/keys
Lists all API keys for the authenticated user. The full key is never returned -- only the key_prefix for identification.
Query Parameters
| Parameter | Type | Default | Description |
|---|---|---|---|
include_revoked | boolean | false | Include revoked keys in the listing |
Response
[
{
"id": "k1a2b3c4-d5e6-7890-abcd-ef1234567890",
"name": "production-agent",
"key_prefix": "mem_prod_a1b",
"scopes": ["read", "write"],
"created_at": "2026-03-17T10:00:00Z",
"last_used_at": "2026-03-17T14:32:00Z",
"expires_at": "2027-03-17T10:00:00Z",
"revoked_at": null,
"deprecated_at": null,
"auto_revoke_at": null,
"is_active": true,
"daily_spend_limit_usd": 5.0,
"monthly_spend_limit_usd": 100.0,
"spend_info": {
"daily_spend_usd": 1.23,
"daily_limit_usd": 5.0,
"monthly_spend_usd": 34.56,
"monthly_limit_usd": 100.0
}
}
]
curl
curl "https://api.memoryrelay.net/v1/keys?include_revoked=false" \
-H "Authorization: Bearer $MEMORYRELAY_API_KEY"
Python SDK
keys = client.keys.list()
for key in keys:
status = "active" if key.is_active else "revoked"
print(f"{key.key_prefix}... [{status}] {key.name} (scopes: {key.scopes})")
Revoke API Key
DELETE /v1/keys/{id}
Immediately and permanently revoke an API key. The key will stop working for authentication. This action is irreversible.
Path Parameters
| Parameter | Type | Description |
|---|---|---|
id | UUID | API key ID |
Response
Returns 204 No Content on success.
curl
curl -X DELETE https://api.memoryrelay.net/v1/keys/k1a2b3c4-d5e6-7890-abcd-ef1234567890 \
-H "Authorization: Bearer $MEMORYRELAY_API_KEY"
Python SDK
client.keys.revoke("k1a2b3c4-d5e6-7890-abcd-ef1234567890")
For zero-downtime key rotation, use POST /v1/keys/{id}/rotate instead. This creates a new key while keeping the old one active during a configurable grace period (1-30 days), giving you time to update all clients.