Skip to main content

Overview

Reminix uses different authentication methods depending on where your code runs:
Token TypePrefixUse CaseCreated From
API Keyreminix_sk_Server-side API callsDashboard
Client Tokenreminix_ct_Browser/client-side callsYour backend via API
Personal Access Tokenreminix_pat_CLI, scripts, automationDashboard
API Keys are secret keys for server-side use only. Never expose them in browsers or mobile apps. For client-side usage, see Client Tokens.

API Keys (Server-Side)

Your API Key is a secret key — it provides full access to your project and should only be used in server-side code.

Getting Your API Key

1

Sign in to the Dashboard

Go to reminix.com/dashboard and sign in to your account.
2

Navigate to API Keys

Click on SettingsAPI Keys in the sidebar.
3

Create a new key

Click Create API Key, give it a name (e.g., “Production” or “Development”), and copy the key.
Your API key is shown only once. Store it securely — you won’t be able to see it again.

Using Your API Key

HTTP Header

Include your API key in the Authorization header: 
curl https://api.reminix.com/v1/agents/my-agent/invoke \
  -H "Authorization: Bearer reminix_sk_..." \
  -H "Content-Type: application/json" \
  -d '{"prompt": "hello"}'

Environment Variable

The recommended approach is to use an environment variable: 
export REMINIX_API_KEY=reminix_sk_...
The SDKs automatically read from REMINIX_API_KEY: 
from reminix import Reminix

# Automatically uses REMINIX_API_KEY
client = Reminix()

Explicit Configuration

You can also pass the key directly (useful for testing): 
client = Reminix(api_key="reminix_sk_...")

Security Best Practices

Use environment variables or a secrets manager. Add .env to your .gitignore.
Create separate keys for development, staging, and production. This limits blast radius if a key is compromised.
Regularly rotate your API keys, especially if team members leave or keys may have been exposed.
Never expose your API key in client-side code (browser, mobile apps). Make API calls from your backend.
Check the dashboard regularly for unexpected usage patterns that might indicate a compromised key.

Key Permissions

API keys have full access to your project’s resources:
PermissionDescription
AgentsInvoke and chat with all agents
ReadView agent configurations and logs
WriteDeploy and update agents

Revoking Keys

If a key is compromised:
  1. Go to SettingsAPI Keys in the dashboard
  2. Find the compromised key
  3. Click Revoke
The key is immediately invalidated. Update your applications with a new key.

Client-Side Authentication

For browser-based applications, you cannot use API keys directly — they would be exposed to end users. Instead, use Client Tokens. Client tokens are:
  • Short-lived (typically 1 hour)
  • Created by your backend using your API key
  • Scoped with context (e.g., user ID, session ID)
  • Safe for browsers — they can only access the Client API

Client Tokens

Learn how to authenticate browser-based applications

Next Steps

Python SDK

Configure the Python client

TypeScript SDK

Configure the TypeScript client