Skip to main content
REST API keys let you authenticate scripts, hooks, and external tools against the 3ngram API as your user. Keys are used anywhere you’d otherwise use a bearer token — for example, the Claude Code capture hook reads ENGRAM_API_KEY to post memories in the background.
API keys carry your full user scope. They do not currently support per-key permissions or scoped access. Treat them like a password: rotate if exposed, revoke when a device is retired, and never commit them to version control.

Create a key

  1. Open app.3ngram.ai/settings/api-keys.
  2. Click create api key.
  3. Give it a descriptive name (e.g. capture-hook-laptop, ci-runner, zapier-webhook). Names are free-text, up to 64 characters, and only shown to you.
  4. Press create key.
The full key is displayed once, in the format eng_ + 40 random characters. Copy it with the button provided and store it in your secret manager, environment file, or password manager before dismissing the banner.
Once you dismiss the banner, the full key cannot be retrieved. 3ngram stores only the SHA-256 hash — there is no way to show it to you again. If you lose the key, create a new one and revoke the old one.

Use a key

Send the key as a bearer token on the Authorization header: 
curl https://api.3ngram.ai/api/memories \
  -H "Authorization: Bearer eng_..."
Keys work with every 3ngram REST endpoint your user can access, including:
  • POST /api/memories — capture memories
  • GET /api/dashboard/summary — read your dashboard
  • POST /api/internal/cron/*not accessible with API keys (cron endpoints require the CRON_SECRET header)
last_used_at updates on every successful request, so you can see at a glance which keys are active and which are stale.

Revoke a key

On the same page, click revoke next to any key, then confirm revoke. Revocation is immediate — the next request using that key returns 401 Unauthorized. Revoke promptly when:
  • A laptop or CI runner is decommissioned.
  • You suspect a key leaked (pushed to git, shared by mistake).
  • A team member who used the key leaves.

Capture hook setup

The Claude Code capture hook reads ENGRAM_API_KEY from your environment. After creating a key, set it in your shell profile or hook config: 
export ENGRAM_API_KEY="eng_..."
The hook will then authenticate background captures without prompting for credentials.