API Keys
API keys provide an alternative to OAuth for authenticating with Basic Memory Cloud. Use them for CLI tools, automation scripts, or any MCP client that supports bearer token authentication.
Why Use API Keys?
- Simpler setup - No OAuth flow required
- Automation friendly - Use in scripts and CI/CD
- Multiple keys - Create separate keys for different tools
- Revocable - Disable a key without affecting others
Creating an API Key
Open Settings
In the web app, go to Settings → API Keys
Click Create Key
Click Create New API Key
Name Your Key
Enter a descriptive name like "Claude Desktop" or "Work Laptop"
Set Expiration (Optional)
Choose when the key should expire, or leave blank for no expiration
Copy Your Key
Important: Copy the key immediately. It's only shown once and cannot be retrieved later.
The key looks like: bmc_abc123def456...
Using API Keys
With Claude Desktop
Add to your Claude Desktop config (~/Library/Application Support/Claude/claude_desktop_config.json on macOS):
{
"mcpServers": {
"basic-memory": {
"url": "https://cloud.basicmemory.com/mcp",
"headers": {
"Authorization": "Bearer bmc_your_key_here"
}
}
}
}
With Codex CLI
Add to ~/.codex/config.toml:
[[mcp_servers]]
name = "basic-memory"
url = "https://cloud.basicmemory.com/mcp"
bearer_token_env_var = "BASIC_MEMORY_API_KEY"
Then set the environment variable:
export BASIC_MEMORY_API_KEY=bmc_your_key_here
With Other MCP Clients
Any MCP client that supports HTTP headers can use API keys:
Authorization: Bearer bmc_your_key_here
With curl
Test your key with curl:
curl -H "Authorization: Bearer bmc_your_key_here" \
https://cloud.basicmemory.com/api/v2/projects
Managing Keys
View Your Keys
In Settings → API Keys, you'll see:
- Key name
- Key prefix (first few characters for identification)
- Creation date
- Last used timestamp
- Status (active/expired/revoked)
Revoking a Key
To disable a key:
- Go to Settings → API Keys
- Find the key you want to revoke
- Click Revoke
- Confirm the action
Revoked keys stop working immediately. This cannot be undone.
Security Best Practices
Do
- Use descriptive names - "Claude Desktop Work" is better than "key1"
- Set expiration dates - Especially for temporary access
- Use environment variables - Don't hardcode keys in config files
- Revoke unused keys - Clean up keys you no longer need
- Create separate keys - One per device or application
Don't
- Share keys - Each user should have their own account and keys
- Commit keys to git - Add config files with keys to
.gitignore - Use keys in URLs - Always use the Authorization header
- Ignore suspicious activity - Check "last used" timestamps regularly
Key Format
API keys follow this format:
bmc_<random-base64url-string>
- Prefix
bmc_identifies it as a Basic Memory Cloud key - 32 bytes of cryptographically random data
- URL-safe base64 encoding
Example: bmc_K7xR2pQmNvLwYhT9sU3fAeBcDgHiJkMnOpQrStUv
API Keys vs OAuth
| Feature | API Keys | OAuth |
|---|---|---|
| Setup | Copy/paste key | Browser-based flow |
| Best for | CLI, scripts, automation | Interactive apps |
| Token refresh | No (long-lived) | Yes (short-lived + refresh) |
| Revocation | Per-key | Per-session |
| Scopes | Full access | Configurable |
Use API keys for:
- Command-line tools
- Automation scripts
- Headless environments
- Multiple concurrent sessions
Use OAuth for:
- Web applications
- First-time setup in Claude/ChatGPT
- When you want automatic token refresh
Troubleshooting
Key Not Working
- Verify the key is copied correctly (no extra spaces)
- Check the key hasn't been revoked
- Check the key hasn't expired
- Ensure the Authorization header format is correct:
Bearer bmc_...
"Unauthorized" Error
- Confirm your subscription is active
- Verify the key belongs to your account
- Try creating a new key
Key Not Showing in List
Keys are only shown once at creation. If you lost the key:
- Revoke the old key
- Create a new one
- Update your configuration