Authentication
How Memo AI API keys work — creating them, using them, scopes, rate limits and security.
The Memo AI Developer API uses API keys (personal access tokens). One key authenticates both the REST API and the MCP server.
Creating a key
In the web app, open Settings → API & MCP and click Create key. You'll see the full key once — copy it immediately and store it somewhere safe.
- Keys start with the mk_live_ prefix.
- Only the key's suffix (last few characters) is stored for display — the key itself is hashed (SHA-256) and never recoverable. If you lose it, create a new one.
- You can set an optional expiry date. After it passes, the key stops working.
Plan requirement
API & MCP access is available on Pro and Expert plans. Calls with a key on a plan
without API access return 403 api_access_denied.
Using a key
Send the key as a Bearer token in the Authorization header:
curl https://app.memoai.tech/api/v1/developer/transcriptions \
  -H "Authorization: Bearer mk_live_your_key_here"
Never put keys in the URL
Passing a key as a query parameter is rejected with 401. URLs leak into logs, browser
history and analytics — always use the Authorization header.
Scope: workspace-level
A key is bound to one workspace and acts on behalf of the member who created it:
- It can read and export transcriptions in that workspace only.
- Every member of a workspace can create their own keys.
- A workspace OWNER can see (and revoke) all keys in the workspace; other members see only their own.
- If the creating member loses access to the workspace, the key is automatically deactivated.
To work with multiple workspaces, create one key per workspace.
Rate limits
Limits are applied per key:
| Surface | Limit |
|---|---|
| Data endpoints (list / get / export / bulk) | 500 requests / minute |
| Key management (create / list / update / revoke) | 180 requests / minute |
Exceeding a limit returns 429 Too Many Requests. Back off and retry after a
short pause; don't hammer with automatic immediate retries.
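A client-side sketch of the header-only key handling and the 429 back-off described above. This is an added example, not Memo AI's own code. The exponential schedule with jitter, the four-character redaction and the MEMOAI_API_KEY variable name are assumptions; the endpoint and the mk_live_ prefix come from this page.

```python
import os
import random
import time
import urllib.error
import urllib.parse
import urllib.request

API_URL = "https://app.memoai.tech/api/v1/developer/transcriptions"  # from the curl example
KEY_PREFIX = "mk_live_"

def build_request(url, api_key):
    """Build a request that carries the key only in the Authorization header."""
    if not api_key.startswith(KEY_PREFIX):
        raise ValueError("expected a key with the mk_live_ prefix")
    if KEY_PREFIX in urllib.parse.urlsplit(url).query:
        raise ValueError("key found in query string; use the Authorization header")
    return urllib.request.Request(url, headers={"Authorization": "Bearer " + api_key})

def redact(api_key):
    """Log-safe form of a key: prefix plus its last four characters (assumed length)."""
    return KEY_PREFIX + "..." + api_key[-4:]

def urlopen_send(request):
    """Default transport: returns (status, body), mapping HTTP errors to their status."""
    try:
        with urllib.request.urlopen(request, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()

def get_with_backoff(url, api_key, send=urlopen_send, sleep=time.sleep,
                     max_attempts=5, base_delay=1.0):
    """Retry only on 429, pausing longer each time; 401 and 403 are returned at once."""
    request = build_request(url, api_key)
    for attempt in range(max_attempts):
        status, body = send(request)
        if status != 429:
            return status, body
        if attempt < max_attempts - 1:
            # Exponential delay plus random jitter so parallel workers do not retry in step.
            sleep(base_delay * 2 ** attempt + random.uniform(0, base_delay))
    return status, body

if __name__ == "__main__":
    # Constructed demo: a fake transport answers 429 twice, then 200. No network is used.
    replies = iter([(429, b""), (429, b""), (200, b"[]")])
    key = os.environ.get("MEMOAI_API_KEY", "mk_live_constructed_demo_0000")
    result = get_with_backoff(API_URL, key, send=lambda r: next(replies),
                              sleep=lambda s: None)
    print(redact(key), result)
```

Drop the `send` and `sleep` overrides to call the real endpoint with a key loaded from your secrets store.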
Revoking a key
In Settings → API & MCP, delete a key to revoke it immediately. Any further request with
that key returns 401. Revocation can't be undone — issue a new key to restore access.
Security best practices
- Store keys as secrets — environment variables or a secrets manager, never in source control.
- One key per integration so you can revoke a single one without breaking the others.
- Set an expiry for short-lived or third-party use.
- Rotate periodically: create the new key, switch your integration over, then delete the old one.
- Scope down: use a dedicated workspace for an integration when it only needs a subset of data.