Skip to main content
Every Memory Crystal API endpoint requires an API key passed as a Bearer token. This page explains how to get a key and how to include it correctly in your requests.

Getting an API key

1

Sign up

Create an account at memorycrystal.ai if you don’t have one.
2

Open the dashboard

Go to memorycrystal.ai/dashboard and sign in.
3

Create an API key

Navigate to Settings → API Keys and click New key. Give it a descriptive name (for example, production or my-agent).Copy the key immediately — it is shown only once. Memory Crystal stores only a SHA-256 hash of the plaintext key, so it cannot be retrieved again after you close the dialog.
Your API key grants full access to your memory data. Do not commit it to source control. Store it in an environment variable or a secrets manager.

Passing the key

Include the key in the Authorization header of every request using the Bearer scheme: 
curl https://your-deployment.convex.site/api/mcp/stats \
  -H "Authorization: Bearer mc_your_api_key"
All endpoints — memory, Knowledge Base, and session — require this header. Requests without a valid key receive a 401 Unauthorized response. 
{
  "error": "Unauthorized"
}

Legacy alias

If you are migrating from an earlier version of Memory Crystal, the environment variable CRYSTAL_API_KEY is accepted alongside MEMORY_CRYSTAL_API_KEY in the MCP server and plugin. The HTTP header name is always Authorization: Bearer.

Security properties

  • Hashed at rest — the plaintext key is never stored. Only its SHA-256 hash is written to the database.
  • Shown once — the dashboard displays the key immediately after creation and never again.
  • Per-key rate limiting — rate limits are enforced separately for each API key on all endpoints. The Knowledge Base endpoints allow up to 60 requests per minute per key. If you exceed the limit, the API returns 429 Too Many Requests.
{
  "error": "Rate limit exceeded. Max 60 requests/minute."
}

Example request

The example below creates a memory directly using the capture endpoint. Replace mc_your_api_key with your actual key and your-deployment.convex.site with your backend URL. 
curl -X POST https://your-deployment.convex.site/api/mcp/capture \
  -H "Authorization: Bearer mc_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "title": "Chose Convex for the backend",
    "content": "Selected Convex over Supabase because of built-in vector search and real-time subscriptions.",
    "store": "semantic",
    "category": "decision",
    "tags": ["architecture", "backend", "convex"]
  }'

{
  "memoryId": "mem_abc123",
  "created": true
}