Authentication

Secure your API requests with Bearer token authentication.

Mind Reasoner API

Simple and Secure

Mind Reasoner API uses Bearer token authentication. Every request requires your API key in the Authorization header—no complex OAuth flows or token refresh mechanisms.

Getting Your API Key

1. Access Your Dashboard

Log in to your Mind Reasoner account and navigate to your account dashboard or settings.

2. Generate API Key

Click “Generate API Key” or locate your existing key. Copy it immediately—you won’t be able to view it again.

3. Store Securely

Save your API key in a secure location like a password manager or environment variable. Never commit it to version control.


Making Authenticated Requests

Include your API key in the Authorization header of every request:

curl -X POST https://app.mindreasoner.com/api/public/v1/minds \
  -H "Authorization: Bearer {{YOUR_API_KEY}}" \
  -H "Content-Type: application/json" \
  -d '{"name": "Example Mind"}'

Authorization Header Format

The format is: Authorization: Bearer YOUR_API_KEY

Note the space between “Bearer” and your key. This is required.


Best Practices

Never Expose Keys

  • Don’t commit API keys to Git repositories
  • Don’t include keys in client-side code
  • Don’t share keys in screenshots or messages
  • Use environment variables instead

Rotate Regularly

  • Generate new keys periodically
  • Rotate immediately if compromised
  • Keep backup keys for zero-downtime rotation
  • Revoke old keys after rotation

Use Environment Variables

  • Store keys in .env files (add to .gitignore)
  • Use platform environment variables in production
  • Never hardcode keys in source code
  • Access via process.env or equivalent

Environment Variables

Store your API key in environment variables for different platforms:

.env File

Create a .env file in your project root:

MIND_REASONER_API_KEY=your_actual_api_key_here

Add .env to your .gitignore:

echo ".env" >> .gitignore

Access in your code:

// Load the variables defined in .env into process.env
import dotenv from 'dotenv';
dotenv.config();

const apiKey = process.env.MIND_REASONER_API_KEY;

Authentication Errors

401 Unauthorized

Cause: Invalid or missing API key

Response:

{
  "error": "Unauthorized",
  "message": "Invalid or missing API key"
}

Solutions:

  • Verify your API key is correct
  • Check the Authorization header format
  • Ensure there’s a space between “Bearer” and your key
  • Confirm the key hasn’t been revoked

403 Forbidden

Cause: Valid key but insufficient permissions

Response:

{
  "error": "Forbidden",
  "message": "Your account doesn't have access to this resource"
}

Solutions:

  • Check your account subscription level
  • Verify the resource exists and belongs to your account
  • Contact support if you believe this is an error
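
An added example, not Mind Reasoner's own code, that applies the header format and the 401/403 handling above in Node.js. The function names and the action labels are assumptions made for illustration; the endpoint is the one from the curl example.

```javascript
// Added example (not Mind Reasoner's code). All function names are hypothetical.
const API_BASE = 'https://app.mindreasoner.com/api/public/v1'; // from the curl example on this page

// Build request headers, rejecting the mistakes that typically end in a 401.
function buildAuthHeaders(rawKey) {
  const key = (rawKey ?? '').trim(); // drops a trailing newline picked up from a file or secret store
  if (!key) throw new Error('MIND_REASONER_API_KEY is not set');
  if (/^bearer\s/i.test(key)) throw new Error('Key must not include the "Bearer " prefix');
  if (/[{}\s]/.test(key)) throw new Error('Key contains placeholder braces or whitespace');
  return { Authorization: `Bearer ${key}`, 'Content-Type': 'application/json' };
}

// Refuse to attach the key to anything but HTTPS on the expected host.
function assertSafeUrl(url) {
  const u = new URL(url);
  if (u.protocol !== 'https:' || u.origin !== new URL(API_BASE).origin) {
    throw new Error(`Refusing to send API key to ${u.origin}`);
  }
  return u.href;
}

// Map the documented auth failures to what the caller should check next.
function classifyAuthFailure(status) {
  if (status === 401) return { retry: false, action: 'check-key' };    // invalid, missing or revoked key
  if (status === 403) return { retry: false, action: 'check-access' }; // valid key, insufficient permissions
  return null; // not an authentication error
}

// Safe form of the headers for logs: the token itself is never printed.
function redactHeaders(headers) {
  return { ...headers, Authorization: 'Bearer [REDACTED]' };
}

// Server-side call; fetchImpl and env are injectable so the flow can be tested offline.
async function createMind(name, fetchImpl = fetch, env = process.env) {
  const headers = buildAuthHeaders(env.MIND_REASONER_API_KEY);
  const res = await fetchImpl(assertSafeUrl(`${API_BASE}/minds`), {
    method: 'POST', headers, body: JSON.stringify({ name }),
  });
  const failure = classifyAuthFailure(res.status);
  if (failure) {
    const body = await res.json(); // { error, message } as shown in the responses above
    throw Object.assign(new Error(`${body.error}: ${body.message}`), failure);
  }
  return res.json();
}
```

Neither 401 nor 403 is retried, since repeating the request with the same key cannot change the outcome.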

Security Checklist

Security First

Follow this checklist to keep your API keys secure:

  • API keys stored in environment variables, not code
  • .env files added to .gitignore
  • Keys never committed to version control
  • HTTPS used for all API requests
  • Keys rotated every 90 days
  • Old keys revoked after rotation
  • Keys not shared in messages or screenshots
  • Server-side API calls only (not client-side)

What’s Next?

Learn Core Concepts

Understand minds, snapshots, and simulations in the Core Concepts guide.

Start Building

Follow the Quick Start guide to create your first mind and run simulations.

API Reference

Explore all endpoints, parameters, and responses in the complete API Reference.