API Keys
Generate and manage keys in the Flumes dashboard. Keys are secret – never commit them to Git.
Authorization: Bearer FLUMES_SK_abc123
| Header | Purpose |
|---|
X-Flumes-Agent | Scope traffic to a specific agent within your org |
Idempotency-Key | Ensure safe retries for writes |
entity_id, namespace, and tags for fine-grained tenancy. Org is inferred from the API key; set namespace per app/env.
Scopes & limits
- Keys can be scoped as
read | write | admin.
- Rate-limit headers are returned on requests:
X-RateLimit-Remaining, X-RateLimit-Reset.
- On retries for writes, always include a stable
Idempotency-Key to avoid duplicates.
Transport security
All requests go through TLS 1.2+. We terminate TLS at cloud load balancers before routing to the service.
Data storage
- Hot memory lives in encrypted EBS volumes (AES-256).
- Backups are encrypted at rest and in transit.
We are not HIPAA compliant yet. Reach out if you need custom BAA.
Privacy & redaction
policy.pii_redaction=auto|off controls masking at assemble time.- Each memory has
sensitivity (auto|pii) so you can mark sensitive items explicitly.
