Authentication

Secure your API requests with Bearer token authentication.

Authentication

Secure your API requests with Bearer token authentication.

Mind Reasoner API

Simple and Secure

Mind Reasoner API uses Bearer token authentication. Every request requires your API key in the Authorization header—no complex OAuth flows or token refresh mechanisms.

Getting Your API Key

Access Your Dashboard

Generate API Key

Click “Generate API Key” or locate your existing key. Copy it immediately—you won’t be able to view it again.

Store Securely

Save your API key in a secure location like a password manager or environment variable. Never commit it to version control.

Making Authenticated Requests

Include your API key in the Authorization header of every request:

$ curl -X POST https://app.mindreasoner.com/api/public/v1/minds \
>   -H "Authorization: Bearer {{YOUR_API_KEY}}" \
>   -H "Content-Type: application/json" \
>   -d '{"name": "Example Mind"}'

Authorization Header Format

The format is: Authorization: Bearer YOUR_API_KEY

Note the space between “Bearer” and your key. This is required.

Best Practices

🔒Never Expose Keys
Don’t commit API keys to Git repositories
Don’t include keys in client-side code
Don’t share keys in screenshots or messages
Use environment variables instead
🔄Rotate Regularly
Generate new keys periodically
Rotate immediately if compromised
Keep backup keys for zero-downtime rotation
Revoke old keys after rotation
⚙️Use Environment Variables
Store keys in .env files (add to .gitignore)
Use platform environment variables in production
Never hardcode keys in source code
Access via process.env or equivalent

Environment Variables

Store your API key in environment variables for different platforms:

Local Development

Production

.env File

Create a .env file in your project root:

$ MIND_REASONER_API_KEY=your_actual_api_key_here

Add .env to your .gitignore:

$ echo ".env" >> .gitignore

Access in your code:

1 import dotenv from 'dotenv';
2 dotenv.config();
3 
4 const apiKey = process.env.MIND_REASONER_API_KEY;

Authentication Errors

401 Unauthorized

Cause: Invalid or missing API key

Response:

1 {
2   "error": "Unauthorized",
3   "message": "Invalid or missing API key"
4 }

Solutions:

Verify your API key is correct
Check the Authorization header format
Ensure there’s a space between “Bearer” and your key
Confirm the key hasn’t been revoked

403 Forbidden

Cause: Valid key but insufficient permissions

Response:

1 {
2   "error": "Forbidden",
3   "message": "Your account doesn't have access to this resource"
4 }

Solutions:

Check your account subscription level
Verify the resource exists and belongs to your account
Contact support if you believe this is an error

Security Checklist

Security First

Follow this checklist to keep your API keys secure:

API keys stored in environment variables, not code
.env files added to .gitignore
Keys never committed to version control
HTTPS used for all API requests
Keys rotated every 90 days
Old keys revoked after rotation
Keys not shared in messages or screenshots
Server-side API calls only (not client-side)

What’s Next?

💡

Learn Core Concepts

Understand minds, snapshots, and simulations in the Core Concepts guide.

🚀

Start Building

Follow the Quick Start guide to create your first mind and run simulations.

📚

API Reference

Explore all endpoints, parameters, and responses in the complete API Reference.

Mind Reasoner API

Simple and Secure

Mind Reasoner API uses Bearer token authentication. Every request requires your API key in the Authorization header—no complex OAuth flows or token refresh mechanisms.

Getting Your API Key

Access Your Dashboard

Generate API Key

Click “Generate API Key” or locate your existing key. Copy it immediately—you won’t be able to view it again.

Store Securely

Save your API key in a secure location like a password manager or environment variable. Never commit it to version control.

Making Authenticated Requests

Include your API key in the Authorization header of every request:

$ curl -X POST https://app.mindreasoner.com/api/public/v1/minds \
>   -H "Authorization: Bearer {{YOUR_API_KEY}}" \
>   -H "Content-Type: application/json" \
>   -d '{"name": "Example Mind"}'

Authorization Header Format

The format is: Authorization: Bearer YOUR_API_KEY

Note the space between “Bearer” and your key. This is required.

Best Practices

🔒Never Expose Keys
Don’t commit API keys to Git repositories
Don’t include keys in client-side code
Don’t share keys in screenshots or messages
Use environment variables instead
🔄Rotate Regularly
Generate new keys periodically
Rotate immediately if compromised
Keep backup keys for zero-downtime rotation
Revoke old keys after rotation
⚙️Use Environment Variables
Store keys in .env files (add to .gitignore)
Use platform environment variables in production
Never hardcode keys in source code
Access via process.env or equivalent

Environment Variables

Store your API key in environment variables for different platforms:

Local Development

Production

.env File

Create a .env file in your project root:

$ MIND_REASONER_API_KEY=your_actual_api_key_here

Add .env to your .gitignore:

$ echo ".env" >> .gitignore

Access in your code:

1 import dotenv from 'dotenv';
2 dotenv.config();
3 
4 const apiKey = process.env.MIND_REASONER_API_KEY;

Authentication Errors

401 Unauthorized

Cause: Invalid or missing API key

Response:

1 {
2   "error": "Unauthorized",
3   "message": "Invalid or missing API key"
4 }

Solutions:

Verify your API key is correct
Check the Authorization header format
Ensure there’s a space between “Bearer” and your key
Confirm the key hasn’t been revoked

403 Forbidden

Cause: Valid key but insufficient permissions

Response:

1 {
2   "error": "Forbidden",
3   "message": "Your account doesn't have access to this resource"
4 }

Solutions:

Check your account subscription level
Verify the resource exists and belongs to your account
Contact support if you believe this is an error

Security Checklist

Security First

Follow this checklist to keep your API keys secure:

API keys stored in environment variables, not code
.env files added to .gitignore
Keys never committed to version control
HTTPS used for all API requests
Keys rotated every 90 days
Old keys revoked after rotation
Keys not shared in messages or screenshots
Server-side API calls only (not client-side)

What’s Next?

💡

Learn Core Concepts

Understand minds, snapshots, and simulations in the Core Concepts guide.

🚀

Start Building

Follow the Quick Start guide to create your first mind and run simulations.

📚

API Reference

Explore all endpoints, parameters, and responses in the complete API Reference.

$	curl -X POST https://app.mindreasoner.com/api/public/v1/minds \
>	-H "Authorization: Bearer {{YOUR_API_KEY}}" \
>	-H "Content-Type: application/json" \
>	-d '{"name": "Example Mind"}'

1	import dotenv from 'dotenv';
2	dotenv.config();
3
4	const apiKey = process.env.MIND_REASONER_API_KEY;

1	{
2	"error": "Unauthorized",
3	"message": "Invalid or missing API key"
4	}

1	{
2	"error": "Forbidden",
3	"message": "Your account doesn't have access to this resource"
4	}