Authentication

Getting Started

The fastest way to get an API key:

engram signup

This creates a free account and saves your key automatically. No email required.

How It Works

Engram supports three authentication flows:

1. CLI Signup (recommended)

engram signup

Creates an anonymous account instantly. Your API key is saved to ~/.engram/config.json. This is the preferred flow for developers and AI agents — zero friction, no human interaction needed.

2. CLI Login

engram login

Sign in with email + password. Use this if you created an account on the website or linked your CLI account with engram link.

3. Website

Sign up or log in at getengram.app/login . Your API key is shown on the dashboard.

Linking Accounts

Anonymous CLI accounts can be linked to an email at any time:

engram link

This attaches an email + password to your existing account so you can:

• Access the web dashboard at getengram.app/dashboard 
• Upgrade to Pro or Team plans
• Recover your account on a new machine

Your data, API key, and organization stay the same — linking just adds an identity.

API Keys

Each key is tied to an organization and scopes all operations to that organization’s data.

Key Format

engram_sk_live_aBcDeFgHiJkLmNoPqRsTuVwXyZaBcDeF

• Prefix: engram_sk_live_
• Followed by 32 random characters
• Total length: 47 characters

Usage

Pass your API key in the Authorization header:

Authorization: Bearer engram_sk_live_your_key_here

For MCP clients, this is set in the server configuration:

{
  "mcpServers": {
    "engram": {
      "url": "https://mcp.getengram.app/mcp",
      "headers": {
        "Authorization": "Bearer engram_sk_live_your_key_here"
      }
    }
  }
}

Security

• API keys are hashed with SHA-256 before storage. Engram never stores your raw key.
• The full key is shown once at creation. Store it securely — it cannot be retrieved later.
• Only the first 20 characters (the key prefix) are stored for identification.
• Keys can have an expiration date and can be revoked at any time.

Errors