Skip to main content

API Authentication

Different Stru AI APIs use different authentication methods. This guide covers authentication requirements for each API.

Memory API Authentication

The Memory API requires an API key passed in the X-API-Key request header. Get your API key from app.stru.ai.

Required Header

X-API-Key: YOUR_API_KEY

Example Request

cURL
curl -X POST https://memory.stru.ai/episodes \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "group_id": "user_123",
    "messages": [...]
  }'
Python
import requests

headers = {
    'X-API-Key': 'YOUR_API_KEY',
    'Content-Type': 'application/json'
}

response = requests.post(
    'https://memory.stru.ai/episodes',
    headers=headers,
    json={
        'group_id': 'user_123',
        'messages': [...]
    }
)
JavaScript
const response = await fetch('https://memory.stru.ai/episodes', {
  method: 'POST',
  headers: {
    'X-API-Key': 'YOUR_API_KEY',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    group_id: 'user_123',
    messages: [...]
  })
});
Get your Memory API key from app.stru.ai. Keep your API key secure and never expose it in client-side code.

Other APIs (Search, Mathcad, Excel)

These APIs require Bearer token authentication with an API key from app.stru.ai.

Required Header

Authorization: Bearer YOUR_API_KEY

Example Request

cURL
curl https://api.stru.ai/v1/search/jobs \
  -H "Authorization: Bearer sk_live_abc123..." \
  -H "Content-Type: application/json"
Python
import requests

headers = {
    'Authorization': 'Bearer sk_live_abc123...',
    'Content-Type': 'application/json'
}

response = requests.get(
    'https://api.stru.ai/v1/search/jobs',
    headers=headers
)
JavaScript
const response = await fetch('https://api.stru.ai/v1/search/jobs', {
  headers: {
    'Authorization': 'Bearer sk_live_abc123...',
    'Content-Type': 'application/json'
  }
});
Get your API key by signing in to app.stru.ai and generating a key from your dashboard.

Blogs API (Internal Only)

The Blogs API uses internal proprietary authentication and is restricted to internal use only. Base URL: https://api.stru.ai (no /v1) Authentication: API key (handled internally by the backend)
Blogs API endpoints are not available for external use. Authentication is managed through internal systems. Contact the Stru AI team if you need access for integration purposes.

Best Practices

  • Never commit API keys to version control
  • Use environment variables for API keys
  • Rotate keys regularly
  • Use different keys for development and production
# .env file
STRU_MEMORY_API_KEY=windowseat
Always handle authentication failures gracefully:
response = requests.post(url, headers=headers, json=data)

if response.status_code == 401:
    print("Authentication failed - check your API key")
elif response.status_code == 403:
    print("Forbidden - you don't have access to this resource")
All Stru AI APIs are HTTPS-only. Never use HTTP for API requests as it exposes your API keys.https://memory.stru.aihttp://memory.stru.ai

Error Responses

401 Unauthorized

Missing or invalid API key. 
{
  "error": "Unauthorized",
  "message": "Invalid or missing API key"
}

403 Forbidden

Valid API key but insufficient permissions. 
{
  "error": "Forbidden",
  "message": "You do not have access to this resource"
}

Getting API Keys

1

Sign in to Stru AI

Visit app.stru.ai and sign in to your account.
2

Navigate to API Keys

Go to your dashboard and find the API Keys section.
3

Generate a Key

Click “Generate New API Key” and save it securely. Keys start with sk_live_...
4

Use in Requests

Add the key to your requests as a Bearer token.
Authorization: Bearer sk_live_abc123...
Memory API: Uses the same API key system. Get your Memory API key with X-API-Key header format from your dashboard.

Rate Limits

Memory API

Recommended: Max 100 requests/minute per API key

Search API

Limit: 120 requests/minute (Pro tier)Varies by subscription tier

Mathcad & Excel

Limit: 60 requests/minute (Pro tier)Varies by subscription tier
Rate limits are enforced per API key. Exceeded limits return a 429 Too Many Requests error with retry-after headers:
  • X-RateLimit-Limit - Your rate limit
  • X-RateLimit-Remaining - Requests remaining
  • X-RateLimit-Reset - Time when limit resets