> ## Documentation Index
> Fetch the complete documentation index at: https://docs.anonalabs.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

# Authentication

Anona Memory uses API key-based authentication with Bearer tokens.

## Getting an API Key

1. Sign up at the [Anona Memory dashboard](http://anona-prod-alb-747552680.us-east-1.elb.amazonaws.com)
2. Verify your email
3. Go to **Settings** → **API Keys** → **Create API Key**
4. Choose environment (**live** or **test**) and a name
5. Copy your key immediately - it's shown only once

Keys follow the format `anona_live_<random>` (production) or `anona_test_<random>` (testing).

## Using Your API Key

```bash theme={null}
curl -X POST http://anona-prod-alb-747552680.us-east-1.elb.amazonaws.com/v1/memories \
  -H "Authorization: Bearer anona_live_YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{"space_id": "spc_a1b2c3d4", "content": "User data"}'
```

**Python SDK:**

```python theme={null}
from anona import AnonaClient

client = AnonaClient(api_key="anona_live_YOUR_KEY")
client.add_memory(space_id="spc_a1b2c3d4", content="User data")
```

## Key Security

* **Never share your API key** - treat it like a password
* **Never commit to version control** - use environment variables
* **Rotate regularly** - create new keys and revoke old ones if compromised
* **Use `test` keys in development**, `live` keys only in production

```bash theme={null}
export ANONA_API_KEY="anona_live_YOUR_KEY"
```

```python theme={null}
import os
client = AnonaClient(api_key=os.environ["ANONA_API_KEY"])
```

## Authentication Errors

**401 Unauthorized:**

```json theme={null}
{
  "error": {
    "code": "unauthorized",
    "message": "Invalid or missing API key",
    "request_id": "req_..."
  }
}
```

Common causes:

* API key not included in header
* API key is invalid or revoked
* API key belongs to a different organization
* Header format incorrect (must be `Authorization: Bearer <key>`)

***

## Organization & Space Context

Every request operates in the context of your organization (from the API key) and a `space_id` you supply. You cannot access spaces belonging to another organization - enforced at both the gateway and database level.

***

## API Key Management

Manage keys from the dashboard: **Settings** → **API Keys**.

* **List** - see key name, prefix, environment, created date, last used date, status
* **Revoke** - immediately and permanently disables the key (cannot be undone)
* **Rotate** - create a new key, update your app, then revoke the old one

***

## Rate Limiting

Requests are rate-limited per organization based on your plan. When exceeded:

```json theme={null}
{
  "error": {
    "code": "rate_limited",
    "message": "Rate limit exceeded",
    "request_id": "req_..."
  }
}
```

Retry with exponential backoff.

***

## Next Steps

<CardGroup cols={2}>
  <Card title="Memories API" icon="square-plus" href="/api-reference/memories">
    Store and manage memories
  </Card>

  <Card title="Search API" icon="magnifying-glass" href="/api-reference/search">
    Query memories semantically
  </Card>

  <Card title="Spaces API" icon="folder" href="/api-reference/spaces">
    Manage memory spaces
  </Card>
</CardGroup>
