Skip to main content


Accessing resources via the Memfault API or the Memfault CLI requires authentication. There are various mechanisms available for authentication, each with subtle differences in scope and limitations.


The recommended authentication mechanism for automation scripts is Organization Auth Tokens.

Organization Auth Token

Requests authenticated via an Organization Auth Token can only access the resources of their respective organization. Organization Admins can create and delete Organization Auth Tokens.

Organization Auth Tokens have the same access level as Project Managers, and this applies to every Project in the Organization.


Don't forget the colon (:) in front of the token. It separates the empty username from the password.

User API Key

Requests authenticated via an User API Key can access the resources of all the organizations a user has access to (except when SSO is required). However, they are not suitable for automation, as they will break when the user is removed from the organization.

Users can create and cycle their User API Key via Project Settings → User API Key. Even though they appear there, they are not tied to a certain project.


A user can use their actual password instead of an User API Key, but this is not recommended.

Project Key

Requests authenticated via Project Keys (sometimes also referred to as "Project API Keys") have very limited access to a single project. They are meant to be used by devices that send data to Memfault and in contrast to the other mechanisms listed here not considered secrets. They can also be useful during initial development to send up coredumps from a developers machine.

A Project Key is generated automatically upon project creation. Organization Admins and Project Managers can generate and cycle the API key via an API endpoint. Every project member see the project's Project Key.

curl --header "Memfault-Project-Key: $YOUR_PROJECT_KEY" ...