Skip to main content
Remyx API keys are opaque, named tokens that carry an explicit set of scopes. Each scope gates which routes a key can call: a request to a route the key isn’t scoped for returns 403 Forbidden. Create and manage keys at Account > API Access. See Account & API Keys for that, and the API Reference for how scopes appear in REST calls.

Key prefixes

Every key’s prefix tells you what it’s for and how long it lives:
PrefixTypeUse it forExpiry
rmxu_…PersonalYour CLI, MCP server, ad-hoc REST callsNever expires
rmxa_…AutomationProvisioning automated discovery PRs (minted into repo secrets), CI, unattended scripts365-day TTL
Both are opaque (prefix + base62 entropy + CRC32 checksum). Remyx stores only sha256(key). The plaintext is shown once at creation, then rendered as rmxu_…last4 for identification.

Scope catalog

Scopes are category:access. Access is either read or write, and write implies read for the same category.
Categoryread grantswrite grants (includes read)
accountView your profile, teams, and key metadataUpdate profile and team settings
projectsList and read projectsCreate and modify projects
interestsList and read Research InterestsCreate, update, toggle, and delete interests
recommendationsRead recommendations and digestsRefresh recommendation pools
papersRead papers and asset search(read-only; no write scope)
experimentsList and read experimentsCreate, update, and decide experiments
evalsRead eval builds, runs, and templatesCreate/run/cancel evals; manage templates
workflowsRead workflow definitions and stateCreate and modify workflows
integrationsRead OAuth connection statusConnect/disconnect providers, manage tokens
githubRead GitHub App installation infoMint installation tokens, push branches, open PRs
provisioningRead provisioning statusProvision repos and mint CLI/automation tokens
papers is read-only; there is no papers:write. The deprecated models/datasets surface is not in the scope catalog; those routes are reachable only with a legacy full-access key.

Resource-qualified grants

A scope can be narrowed to a specific resource by appending its UUID:
interests:read:3f2a9c1e-…   # read only this one interest
Use resource-qualified grants when a key should touch a single resource rather than the whole category. A digest bot scoped to one interest is a common case.

Presets

When creating a key you can apply a one-click preset instead of picking scopes by hand:
PresetScopes grantedRecommended key type
Read-onlyread across the catalogrmxu_
Outrider setupprovisioning:write, interests:write, github:write, and morermxa_
Experiment CIexperiments:write, evals:write, projects:readrmxa_
Digest botrecommendations:read, papers:read, interests:readrmxa_ or rmxu_
You can always edit the scope set after applying a preset, before creating the key.

Which surface needs what

SurfaceKey typeRecommended scopes
CLI / MCP, personal usermxu_A broad personal key (or Read-only if you only consume data)
Automated discovery PRs (repo automation)rmxa_Outrider setup preset
CI pipelinesrmxa_Experiment CI preset
Digest / notification botrmxa_Digest bot preset (optionally resource-qualified to one interest)
Prefer a narrowly-scoped key per use over one broad key everywhere. To rotate, create a new key and revoke the old one; keys are immutable once created.

Account & API Keys

Create, scope, and revoke named keys

API Reference

REST endpoints and authentication

Connectors

OAuth connections (GitHub, HuggingFace, and more)

CLI

Authenticate the CLI with a personal key