Securing Your Aletheia Instance

When you move from local development to a hosted environment, authentication becomes a top priority. Aletheia's API key management ensures your user's memories are protected.

A simple path to security

By default, the engine and SDKs use a shared testing key (XXX1111AAA). This is perfect for quick demos, but for real-world production, you'll need to use platform-issued keys.

How API keys keep you safe:

• App Isolation: Each key identifies exactly which application or workspace is making a request.
• Server-Side Enclosure: Aletheia enforces tenant and project scopes at the engine level, so memories from different apps never leak.
• Audit Logging: Every ingest and query is logged with request IDs and actor context, giving you a full trail of how memory is used.
• Traffic Control: We apply rate limits per key, ensuring your production instances are protected from accidental (or intentional) spikes in usage.

A quick example request

Using your API key is as simple as adding a header. Here's how you'd perform a semantic query using standard curl:

curl https://api.aletheia.com/query/semantic \
  -H "x-api-key: YOUR_PRODUCTION_API_KEY" \
  -H "content-type: application/json" \
  -d '{
    "textual_query": "What has changed in the user's profile?",
    "entity_id": "user-123",
    "limit": 5
  }'

The Platform Experience

The Aletheia Platform UI makes managing your security effortless. In just a few clicks, you can:

• Login and Sign Up: Securely manage your account and workspaces.
• Provision New Keys: Generate keys for different staging or production environments.
• Full Token Visibility: View and copy your keys for use in your SDKs.
• Revoke & Rotate: Instantly disable a key if it's been compromised.

Ready to secure your instance? Check out our [Quickstart](/docs/quickstart) to see how to point your SDK to a hosted Aletheia engine.