Authentication
Generate a Connect Token and authenticate API requests. Synapse Layer uses OAuth 2.0 + PKCE for the Forge dashboard and simple token-based auth for the REST API and SDKs.
Connect Tokens
Connect Tokens are the primary authentication method for the REST API, Python SDK, TypeScript SDK, and MCP server. They follow the format sk_connect_*.
Each token is scoped to a user and provides access to that user's memories with full tenant isolation. Tokens are SHA-256 hashed before storage — the plaintext is shown only once at generation time.
Generate a Token
Via Dashboard
Navigate to /dashboard/connect and click Generate Token. Copy the token immediately — it won't be shown again.
Via API
Programmatic token generation is available via the token endpoint:
curl -X POST https://forge.synapselayer.org/api/v1/token/generate \
-H "Content-Type: application/json" \
-H "Authorization: Bearer <session_token>" \
-d '{ "label": "my-agent-token" }'Warning
Using Tokens
Two methods are supported for passing Connect Tokens:
Method 1: x-connect-token header (preferred)
curl -H "x-connect-token: sk_connect_YOUR_KEY" ...Method 2: Authorization Bearer
curl -H "Authorization: Bearer sk_connect_YOUR_KEY" ...Python SDK
from synapse_layer import Synapse
# Option 1: Pass token directly
client = Synapse(api_key="sk_connect_YOUR_KEY")
# Option 2: Read from environment variable
# export SYNAPSE_TOKEN="sk_connect_YOUR_KEY"
client = Synapse() # reads SYNAPSE_TOKEN from envTypeScript SDK
import { SynapseClient } from 'synapse-layer';
const client = new SynapseClient({
apiKey: process.env.SYNAPSE_API_KEY!,
});OAuth 2.0 + PKCE
The Forge dashboard uses OAuth 2.0 + PKCE (S256) for user authentication. This is handled automatically when users sign in via Google OAuth. External agents connect via Connect Tokens, not OAuth.
Note
Token Scoping
Every Connect Token is scoped to a single user (tenant). Memories stored with one token are isolated from other users' data. Cross-agent memory sharing works within the same tenant — different agents owned by the same user can access each other's memories.
| Scope | Access |
|---|---|
| User (tenant) | All memories belonging to the token owner |
| Agent | Namespace within a tenant — filter by agent_id on recall |
| Cross-agent | All agents within the same tenant can recall each other's memories |