Skip to main content
REST API keys let you authenticate scripts, hooks, and external tools against the 3ngram REST API as your user. The Claude Code capture hook reads ENGRAM_API_KEY to post memories in the background, for example.
API keys authenticate REST endpoints (https://api.3ngram.ai/api/*) only — they do not authenticate the MCP server (mcp.3ngram.ai), which uses OAuth. See Connecting Clients for MCP client setup.
API keys carry your full user scope. They do not currently support per-key permissions or scoped access. Treat them like a password: rotate if exposed, revoke when a device is retired, and never commit them to version control.

Create a key

  1. Open app.3ngram.ai/settings#api-keys, or open Settings in the app and click the API Keys card.
  2. In the API Keys drawer, click create api key.
  3. Give it a descriptive name (e.g. capture-hook-laptop, ci-runner, zapier-webhook). Names are free-text, up to 64 characters, and only shown to you.
  4. Press create key.
The full key is displayed once, in the format eng_ + 40 random characters. Copy it with the button provided and store it in your secret manager, environment file, or password manager before dismissing the banner.
Once you dismiss the banner, the full key cannot be retrieved. 3ngram stores only the SHA-256 hash — there is no way to show it to you again. If you lose the key, create a new one and revoke the old one.

Use a key

Send the key on the X-API-Key header: 
curl https://api.3ngram.ai/api/memories \
  -H "X-API-Key: eng_..." \
  -H "Content-Type: application/json" \
  -d '{"topic": "test", "content": "first memory from the API", "memory_type": "note"}'
Keys work with every 3ngram REST endpoint your user can access, including:
  • POST /api/memories — capture memories
  • GET /api/dashboard/summary — read your dashboard
  • POST /api/internal/cron/*not accessible with API keys (cron endpoints require the CRON_SECRET header)
last_used_at updates on every successful request, so you can see at a glance which keys are active and which are stale.

Revoke a key

In the same drawer, click revoke next to any key, then confirm revoke. Revocation is immediate — the next request using that key returns 401 Unauthorized. Revoke promptly when:
  • A laptop or CI runner is decommissioned.
  • You suspect a key leaked (pushed to git, shared by mistake).
  • A team member who used the key leaves.

Capture hook setup

The Claude Code capture hook reads ENGRAM_API_KEY from your environment. After creating a key, set it in your shell profile or hook config: 
export ENGRAM_API_KEY="eng_..."
The hook will then authenticate background captures without prompting for credentials.