Skip to main content

API key authentication

All public API requests require an API key sent in the X-API-Key header: 
curl https://api.memcontext.in/api/memories/search?query=... \
  -H "X-API-Key: mc_your_key"
Create API keys from the MemContext dashboard under Settings > API Keys. Keys are prefixed with mc_ and shown only once at creation — store them securely.

MCP server authentication

The hosted MCP server at https://mcp.memcontext.in/mcp accepts the API key via HTTP headers. Both MEMCONTEXT-API-KEY and X-API-Key are supported: 
{
  "mcpServers": {
    "memcontext": {
      "url": "https://mcp.memcontext.in/mcp",
      "headers": {
        "MEMCONTEXT-API-KEY": "mc_your_key"
      }
    }
  }
}
See MCP Setup for configs specific to Claude Code, Cursor, OpenCode, and Codex CLI.

Rate limits

MemContext rate-limits requests per endpoint using a sliding window:
EndpointLimitWindow
Save memory (POST /api/memories)30 requests1 minute
Search memories (GET /api/memories/search)60 requests1 minute
Submit feedback (POST /api/memories/:id/feedback)30 requests1 minute
Global (all /api/* endpoints)100 requests1 minute
Rate-limited responses include headers to help you manage request timing:
HeaderDescription
X-RateLimit-LimitMaximum requests allowed in the current window
X-RateLimit-RemainingRemaining requests in the current window
X-RateLimit-ResetUnix timestamp when the window resets
When the limit is exceeded, the API returns 429 Too Many Requests.

Error responses

All errors follow a consistent JSON format: 
{
  "error": "Human-readable error message",
  "code": "HTTP_429",
  "requestId": "abc123xyz456"
}
FieldDescription
errorWhat went wrong
codeMachine-readable error code (e.g. HTTP_401, HTTP_404, INTERNAL_ERROR)
requestIdUnique request ID, also returned in the X-Request-Id response header
errorIdUnique error reference for support (only on server errors, format ERR_XXXXXXXX)
Common error codes:
CodeStatusMeaning
HTTP_401401Missing or invalid API key
HTTP_403403Memory limit exceeded for current plan
HTTP_404404Memory not found
HTTP_429429Rate limit exceeded
INTERNAL_ERROR500Unexpected server error

Request limits

ConstraintValue
Max request body size50 KB
Max memory content length10,000 characters
Max search query length1,000 characters
Max feedback context length1,000 characters

Best practices

  • Create a separate API key per integration or environment
  • Keep API keys server-side — never expose them in client-side code
  • Rotate keys immediately if you suspect exposure
  • Use the project parameter to scope memories when working across multiple projects