Authentication & Security

API Keys

Generate and manage keys in the Flumes dashboard. Keys are secret – never commit them to Git.

Authorization: Bearer FLUMES_SK_abc123

Headers & scoping

Header	Purpose
`X-Flumes-Agent`	Scope traffic to a specific agent within your org
`Idempotency-Key`	Ensure safe retries for writes

You can combine headers with request fields like entity_id, namespace, and tags for fine-grained tenancy. Org is inferred from the API key; set namespace per app/env.

Scopes & limits

Keys can be scoped as read | write | admin.
Rate-limit headers are returned on requests: X-RateLimit-Remaining, X-RateLimit-Reset.
On retries for writes, always include a stable Idempotency-Key to avoid duplicates.

Transport security

All requests go through TLS 1.2+. We terminate TLS at cloud load balancers before routing to the service.

Data storage

Hot memory lives in encrypted EBS volumes (AES-256).
Backups are encrypted at rest and in transit.

We are not HIPAA compliant yet. Reach out if you need custom BAA.

Privacy & redaction

policy.pii_redaction=auto|off controls masking at assemble time.
Each memory has sensitivity (auto|pii) so you can mark sensitive items explicitly.

Overview

Quickstart

Integration

Recipes

Concepts

Troubleshooting

Authentication & Security

API Keys

Headers & scoping

Scopes & limits

Transport security

Data storage

Privacy & redaction

Overview

Quickstart

Integration

Recipes

Concepts

Troubleshooting

​API Keys

​Headers & scoping

​Scopes & limits

​Transport security

​Data storage

​Privacy & redaction

API Keys

Headers & scoping

Scopes & limits

Transport security

Data storage

Privacy & redaction