Authentication

This guide explains how to authenticate with the Papr Memory API using various methods.

Authentication Methods

Papr Memory supports three authentication methods:

1. API Key

Include your API key in the X-API-Key header:

X-API-Key: <your-api-key>

This is the recommended method for server-side applications.

2. Bearer Token

Include your OAuth2 token from Auth0 in the Authorization header:

Authorization: Bearer <token>

This is recommended for web applications and services using OAuth.

3. Session Token

Include your session token in the X-Session-Token header:

X-Session-Token: <your-session-token>

This is primarily used for browser-based applications where session management is important.

Important API Requirements

There are several critical requirements when using the Papr Memory API:

  1. Environment Variable: You must set the PAPR_MEMORY_API_KEY environment variable before running your application.

  2. HTTPS Required: The endpoint requires HTTPS protocol. Using HTTP will result in connection failures.

  3. X-Client-Type Header Required: All requests must include the X-Client-Type header, which identifies the type of client making the request:

    X-Client-Type: <client-type>

    Example values: 'papr_plugin', 'browser_extension', 'sdk_typescript', 'sdk_python'

  4. Authentication Method Precedence:

    • When multiple authentication methods are provided, X-API-Key takes precedence over Bearer token
    • Only use one authentication method at a time to avoid conflicts

For improved performance with large responses, we recommend including the following header:

Accept-Encoding: gzip

This enables response compression, significantly reducing transfer times for large payloads.

Code Examples

API Key Authentication

curl -X POST https://memory.papr.ai/v1/memory \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "X-Client-Type: YOUR_CLIENT_TYPE" \
  -H "Accept-Encoding: gzip" \
  -H "Content-Type: application/json" \
  -d '{
    "content": "Memory content text",
    "type": "text"
  }'

Bearer Token Authentication

curl -X POST https://memory.papr.ai/v1/memory \
  -H "Authorization: Bearer YOUR_OAUTH_TOKEN" \
  -H "X-Client-Type: YOUR_CLIENT_TYPE" \
  -H "Accept-Encoding: gzip" \
  -H "Content-Type: application/json" \
  -d '{
    "content": "Memory content text",
    "type": "text"
  }'
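
The requirements above can be checked on the client before a request leaves the process. The following is an added example, not code from the Papr SDK or documentation: the function names `preflight` and `build_request` are hypothetical, and the header names, environment variable and endpoint are the ones given on this page.

```python
import json
import os
from urllib.parse import urlsplit
from urllib.request import Request

# Auth header names from this page, lowercased because HTTP header
# names are case-insensitive.
AUTH_HEADERS = ("x-api-key", "authorization", "x-session-token")


def preflight(url, headers):
    """Return a list of problems that violate the requirements on this page."""
    names = {k.lower(): v for k, v in headers.items()}
    problems = []
    if urlsplit(url).scheme != "https":
        problems.append("endpoint must use https")
    if not names.get("x-client-type"):
        problems.append("X-Client-Type header is missing")
    present = [h for h in AUTH_HEADERS if names.get(h)]
    if not present:
        problems.append("no authentication header")
    elif len(present) > 1:
        # X-API-Key would silently win over a Bearer token; refuse instead.
        problems.append("multiple authentication methods: " + ", ".join(present))
    return problems


def build_request(url, payload, client_type, env=os.environ):
    """Build an API-key POST with the key read from PAPR_MEMORY_API_KEY."""
    api_key = env.get("PAPR_MEMORY_API_KEY")
    if not api_key:
        raise RuntimeError("PAPR_MEMORY_API_KEY is not set")
    headers = {
        "X-API-Key": api_key,
        "X-Client-Type": client_type,
        "Accept-Encoding": "gzip",
        "Content-Type": "application/json",
    }
    problems = preflight(url, headers)
    if problems:
        raise ValueError("; ".join(problems))
    body = json.dumps(payload).encode()
    return Request(url, data=body, headers=headers, method="POST")
```

urllib does not decompress gzip responses automatically, so a caller that sends this request must decompress the body when the response carries Content-Encoding: gzip.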

Security Best Practices

  1. Never hardcode authentication credentials in your source code. Always use environment variables or secure secret management.

  2. Generate different API keys for different environments (development, staging, production). This feature is coming soon.

  3. Implement proper token refreshing when using Bearer tokens to ensure they don't expire during user sessions.

  4. Rotate API keys periodically to minimize the impact of potential key leaks.

  5. Use gzip compression for large responses to improve performance and reduce bandwidth usage.

Troubleshooting

Common authentication errors and solutions:

| Error | Description | Solution |
|---|---|---|
| 401 Unauthorized | Invalid or missing authentication | Verify your API key or token |
| 403 Forbidden | Valid authentication but insufficient permissions | Check that your key has the right permissions |
| 429 Too Many Requests | Rate limit exceeded | Implement rate limiting and backoff strategies |

Next Steps