Browse docs

API Reference
Tap to expand
APIUpdated 2026-05-30

Authentication

Authenticate RetainDB dashboard, API, MCP, and SDK flows safely.

Applies to: RetainDB API v1

RetainDB has two auth models:

  1. Dashboard session auth for humans using RetainDB Cloud.
  2. API key auth for servers, MCP agents, SDKs, workers, CLIs, and external automation.

Normal dashboard users should not create or handle API keys.

API Key Auth

Send your key from server-side code:

http
Authorization: Bearer rdb_...

Alternative header:

http
X-API-Key: rdb_...

Recommended environment variables:

bash
RETAINDB_API_KEY="rdb_..."
RETAINDB_API_URL="https://api.retaindb.com"
RETAINDB_PROJECT="production"

Dashboard Session Auth

Dashboard source and query flows use the logged-in user's session. The dashboard validates organization and project membership, then calls RetainDB server-side.

That means:

  • users can connect sources and ask the company brain without an API key
  • browser code does not receive RetainDB API keys
  • API keys stay under Developers for external agents and servers

Caller Scope

RetainDB does not guess your app's identity model. Your server should authenticate the caller, then attach stable scope fields:

FieldUse it for
projectproduct, environment, workspace, or customer namespace
user_idapp user memory
session_idconversation or workflow memory
agent_idagent actor
task_idshared agent task

Safe Defaults

  • Keep API keys out of browser JavaScript.
  • Use separate keys for development, staging, and production.
  • Rotate keys pasted into logs, screenshots, chats, or public tickets.
  • Scope keys narrowly when your deployment supports scopes.
  • Log trace_id, not full secrets or full context payloads.

Common Mistakes

SymptomCauseFix
401 from MCPkey missing in MCP envadd RETAINDB_API_KEY and restart host
dashboard works but API failsdashboard session is not an API keycreate a key under Developers
API works locally but not Vercelenv var missing in deploymentadd server-side env vars and redeploy
user sees another user's memoryunstable or wrong user_idset scope after your own auth check

Next: Connect Agents, Memory API, or Company Brain API.

Was this page useful?

Your feedback helps us make the product easier to ship with.