Authentication

SoluCortex has two authentication levels: Admin (project management) and API Key (agent operations).

Admin Token

For management operations: create projects, list projects and manage API keys. It is configured as an environment variable on the server.

Header X-Admin-Token: <SOLUCORTEX_ADMIN_TOKEN>
bash
curl -s "$SOLUCORTEX_URL/api/v1/projects" \
  -H "X-Admin-Token: $SOLUCORTEX_ADMIN_TOKEN" \
  -H "Accept: application/json"
🔒 The Admin Token has full access. Never expose it in client code or public repositories.

Project API Key

For agent operations: register memories, fetch context and run semantic search. Each project has its own API keys (prefixed with scx_).

Header Authorization: Bearer scx_<api_key>
bash
curl -s -X POST "$SOLUCORTEX_URL/api/v1/memories" \
  -H "Authorization: Bearer $SOLUCORTEX_API_KEY" \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -d '{ ... }'

Generate an API key

When a project is created, a key is generated automatically. To create additional keys:

From the UI

Project dashboard → New API Key.

Via API (Admin)

bash
curl -s -X POST "$SOLUCORTEX_URL/api/v1/projects/$PROJECT_ID/api-keys" \
  -H "X-Admin-Token: $SOLUCORTEX_ADMIN_TOKEN" \
  -H "Accept: application/json"
⚠️ API keys are only shown in plain text at creation time. After that, only the SHA-256 hash is stored.

Revoke an API key

bash
curl -s -X DELETE \
  "$SOLUCORTEX_URL/api/v1/projects/$PROJECT_ID/api-keys/$KEY_ID" \
  -H "X-Admin-Token: $SOLUCORTEX_ADMIN_TOKEN"

Authentication errors

CodeReason
401Token missing or invalid
403Valid API key but the project does not match
429Rate limit exceeded - wait before retrying