Login Start free →
HI ▾

Authentication

Every API request carries an API key in the Authorization header.

Authorization: Bearer om_live_9f8e7d6c5b4a…

Obtaining a key

  1. Sign up at oramemory.com/app/signup.
  2. On the welcome screen, copy the key — it's shown exactly once.
  3. Create more keys anytime from /app/projects → pick a project → Generate key.

Keys come in two environments:

Prefix Use
om_live_… Production
om_test_… Separate test sandbox (same API)

How we store keys

Only the SHA-256 hash is stored. We physically cannot recover the plaintext — if you lose a key, revoke it and issue a new one.

Every request updates last_used_at on the key so you can spot stale ones in the dashboard.

Revocation

From /app/projects/, click Revoke next to any key. Subsequent requests with that key return HTTP 401 within seconds.

Response on bad auth

{
  "data":  null,
  "error": { "code": 401, "message": "Invalid API key" },
  "meta":  {}
}
Status When
401 Missing, invalid, or revoked key
403 Free-plan key calling the managed API
403 Account suspended