Replay public API requests use API keys. Your key identifies your Replay account and determines which memories the API can return.
Get an API key
Open the Replay web app and go to your account settings. Create or copy an API key from the API access section.
Treat your API key like a password. Do not ship it in client-side code, mobile apps, public repositories, or logs.
Send the key
The recommended format is a bearer token:
curl --request GET \
  --url "$REPLAY_PUBLIC_API_URL/v1/memories" \
  --header "Authorization: Bearer $REPLAY_API_KEY"
The API also accepts X-API-Key:
curl --request GET \
  --url "$REPLAY_PUBLIC_API_URL/v1/memories" \
  --header "X-API-Key: $REPLAY_API_KEY"
Ownership
You do not pass a user_id to the public API. Replay resolves the API key to the account that owns it.
This means:
- GET /v1/memories only lists memories for the key owner
- GET /v1/memories/{memory_id} only returns the memory if it belongs to the key owner
- A valid key cannot read another account’s memories
Invalid keys
Missing, inactive, or incorrect API keys return 401.
{
  "detail": "Invalid API key"
}
Server-side usage
Use the API from backend jobs, scripts, and agent runtimes where the key can stay private.
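// Runs on the server: the key is read from the environment and never reaches a browser.
const response = await fetch(`${process.env.REPLAY_PUBLIC_API_URL}/v1/memories`, {
  headers: {
    Authorization: `Bearer ${process.env.REPLAY_API_KEY}`,
  },
});
// A 401 carries {"detail": "Invalid API key"}; do not parse an error body as memories.
if (!response.ok) {
  throw new Error(`Replay API request failed with status ${response.status}`);
}
const memories = await response.json();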
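Added example, not Replay's own code: a small server-side wrapper that sends the key in either documented header format, rejects a malformed key before it is sent, and keeps the key out of error text that may end up in logs. The helper names (`authHeaders`, `redact`, `listMemories`) and the injectable `fetchImpl` parameter are assumptions; a successful response body is returned as-is because the page does not describe its shape.

```javascript
// Hypothetical helpers for illustration. Only the /v1/memories path, the two
// header formats and the 401 body {"detail": "Invalid API key"} come from the page.

// Build the auth header in either documented format. Reject a key that is
// missing or contains whitespace/control characters (for example a trailing
// newline picked up from a secrets file), which would corrupt the header.
function authHeaders(apiKey, format = "bearer") {
  if (typeof apiKey !== "string" || apiKey.length === 0) {
    throw new Error("REPLAY_API_KEY is not set");
  }
  if (/[\s\x00-\x1f\x7f]/.test(apiKey)) {
    throw new Error("REPLAY_API_KEY contains whitespace or control characters");
  }
  return format === "x-api-key"
    ? { "X-API-Key": apiKey }
    : { Authorization: `Bearer ${apiKey}` };
}

// Replace every occurrence of the key so it cannot reach logs or error text.
function redact(text, apiKey) {
  return apiKey ? String(text).split(apiKey).join("[REDACTED]") : String(text);
}

// List memories for the key owner. fetchImpl is injectable (an assumption of
// this example) so the call can be exercised offline with a stub.
async function listMemories({ baseUrl, apiKey, fetchImpl = fetch }) {
  const response = await fetchImpl(`${baseUrl}/v1/memories`, {
    headers: authHeaders(apiKey),
  });
  if (response.status === 401) {
    // Missing, inactive, or incorrect key: surface the detail, never the key.
    const body = await response.json().catch(() => ({}));
    const detail = body.detail ?? "401";
    throw new Error(redact(`Replay rejected the API key: ${detail}`, apiKey));
  }
  if (!response.ok) {
    throw new Error(`Replay request failed with status ${response.status}`);
  }
  return response.json();
}
```

Call it from a backend job with `listMemories({ baseUrl: process.env.REPLAY_PUBLIC_API_URL, apiKey: process.env.REPLAY_API_KEY })`.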