Skip to content
Doppelganger logodoppelganger
DocsPresetsForum
Back to documentation

API Authentication and Secure Access

Learn how to securely authenticate and access Mnemosyne Doppelganger’s API, including API keys, endpoints, and best practices for self-hosted deployments.

Mnemosyne Doppelganger exposes a live HTTP API for executing tasks programmatically. Secure authentication ensures only authorized users can trigger tasks or access sensitive data.

1. API Keys#

  • API keys are the only method for authenticating requests to Doppelganger.
  • Keys are stored in credentials.json and can be generated via the dashboard Settings → API Key.
  • Each request must include the key in the x-api-key or key header:
x-api-key: YOUR_API_KEY
  • Requests without a valid API key are rejected with 401 Unauthorized.

2. Accessing the API#

The base URL for local API access is:

http://localhost:11345/tasks/:id/api
  • :id is the task ID.
  • Supports Scrape and Agent tasks.
  • Optional extraction scripts can run during task execution.

Example POST Request#

curl -X POST http://localhost:11345/tasks/123/api \
  -H "x-api-key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
        "variables": {
          "query": "iphone"
        }
      }'

3. Authentication Workflow#

  • Include your API key in the x-api-key header.
  • Doppelganger validates the key before executing the task.
  • Responses include execution results, logs, and any extracted data.
  • Invalid or missing keys return 401 Unauthorized.

4. Security Best Practices#

  • Keep API keys secret: Never commit them to public repositories.
  • Restrict access: Limit requests to trusted machines or networks.
  • Use HTTPS: Encrypt traffic if the API is exposed over the internet.
  • Rotate keys periodically: Minimizes risk if a key is compromised.
  • Monitor usage: Track executions to detect abnormal activity.

5. Integrating with Orchestration Tools#

Use tools like n8n:

  • POST to the task API endpoint with your key in headers.
  • Pass runtime variables in the request body.
  • Capture results for downstream automation.
  • No additional adapters required.

6. Summary#

API keys are required for all programmatic access:

  • Protect your data and credentials
  • Enable safe task execution
  • Maintain full control over your self-hosted environment

Following these practices ensures secure and reliable integration with Mnemosyne Doppelganger.