Authentication

LoreMind uses API keys for authentication. This guide covers the different key types and how to use them.

API Key Types

Editor Key (`sk_editor_*`)

Used for game engine editor tooling:

Populates Entity Mind dropdowns in editor UI
Fetches project configuration
Powers SDK control panels and setup wizards

Never include in builds. These keys should only exist in your development environment, not shipped games.

Server Key (`sk_server_*`)

Used for NPC interactions:

Generate NPC responses via /npc/interact endpoint
Required for all conversation requests
Supports playerId for long-term memory

Keep secure. In production, store on your backend - never in game builds.

Usage Patterns

Editor Testing

During development, SDKs use your Server Key for testing:

Store the Server Key in the SDK’s control panel
The SDK saves it locally (not included in builds)
NPC interactions work immediately in editor play mode


// Works in Editor - SDK handles auth automatically
var response = await npc.RespondAsync("Hello!");

Production

When you ship your game, your backend holds the API key:

Store the Server Key in environment variables on your backend
Your game calls your backend (not LoreMind directly)
Your backend adds the key and forwards to LoreMind


Game Client → Your Backend → LoreMind API
               (adds key)

See Server Integration for implementation details.

Creating API Keys

Go to Projects in the dashboard
Click on your project to view its API Keys
Click Create API Key
Choose Editor Key or Server Key
Copy immediately (shown only once)

API Keys dashboard

Making Authenticated Requests

Include your API key in the Authorization header:


curl -X POST https://loremind.peekgames.dev/api/loremind/v1/npc/interact \
  -H "Authorization: Bearer sk_server_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "text": "Hello!",
    "entityMindId": "em_abc123",
    "playerId": "player_001"
  }'

Player Identity

For long-term memory and per-player rate limits, include playerId in requests:


{
  "text": "Hello!",
  "entityMindId": "em_abc123",
  "playerId": "steam_76561198012345678"
}

Good player ID choices:

Platform IDs: steam_76561198012345678, epic_abc123
Game account IDs: account_12345
Persistent UUIDs: 550e8400-e29b-41d4-a716-446655440000

Avoid:

Temporary session IDs (memories won’t persist)
Email addresses or real names (PII concerns)
Device IDs (players switch devices)

See Long-Term Memory for details.

Rate Limits

Rate limits are configurable per-project in Dashboard → Project Settings → Rate Limits.

When playerId is provided, rate limits apply per-player. Otherwise, limits apply per-project.

Your backend can implement additional rate limiting:


// Server-side rate limiting example
if (player.NPCInteractionsToday > dailyLimit)
{
    return TooManyRequests("Daily NPC limit reached");
}

Security Best Practices

Key Storage

Development: Store Server Key in Control Panel (EditorPrefs)
Production: Use environment variables or a secrets manager
Never: Commit keys to version control or include in builds

Key Rotation

Rotate keys periodically:

Create a new key in the dashboard
Update your backend configuration
Verify everything works
Delete the old key

Monitoring

Set up billing alerts for unusual usage
Monitor request patterns in the dashboard
Use playerId to track per-player usage

Error Responses

Status	Error	Description
401	`Invalid API key`	API key is missing, malformed, or revoked
403	`Editor API keys cannot be used`	Use Server Key for NPC interactions
429	`Rate limit exceeded`	Too many requests (see `Retry-After` header)

Next Steps

Backend Integration - Set up production authentication
Server Integration Guide - Complete architecture patterns
Long-Term Memory - Player memory across sessions