Nowledge Mem can expose your local API through Cloudflare Tunnel. You get a public URL, and every request is still protected by your Mem API key.

Use this when you want one memory center across your laptop, desktop, agent nodes, and browser tools.

Access Mem Anywhere

Choose Your Connection Type

Type	Best for	What URL you get
Quick link	Fast setup in under a minute	Random `*.trycloudflare.com` URL
Cloudflare account	Daily/long-term usage	Stable URL on your own domain (for example `https://mem.example.com`)

Before You Start

Important

Open this guide from Settings → Access Mem Anywhere → Guide.

Quick link needs no Cloudflare account and no domain.
Cloudflare account mode requires a domain already managed in your Cloudflare account.
If you do not have a domain in Cloudflare yet, use Quick link first.
In Cloudflare account mode, the final public URL appears only after you create a hostname route.

Path A: Quick Link (No Account)

Open remote access in Mem

Open Settings → Access Mem Anywhere.

Turn on Allow devices on same Wi-Fi if you also want LAN access.

Choose Quick link and start

In Access from Anywhere, choose Quick link, then click Start.

Wait for status to become Live.

Copy URL and API key

In Ready to connect, copy:

URL
API key

Use Rotate if you want to issue a fresh key.

Verify from another machine

export NMEM_API_URL="https://<your-quick-link>"
export NMEM_API_KEY="nmem_..."
nmem status

Expected: status ok.

Path B: Cloudflare Account (Stable URL)

Prerequisite

You need a domain already in Cloudflare DNS (for example example.com) before this path can produce a stable URL.

Create a tunnel and copy the token

In Cloudflare Zero Trust:

Open Networks → Connectors → Create a tunnel.
Click Select Cloudflared.

Cloudflare Connectors page

Name the tunnel and click Save tunnel.

Name your tunnel

In Install and run connectors, copy the token from a command like:

sudo cloudflared service install ... <TOKEN>

In Mem Desktop, you can paste either:

the raw token, or
the full command line (supported forms: service install <token>, --token <token>, --token=<token>).

Mem extracts the token automatically.

Copy token from command

Create a public hostname route

In tunnel routing / hostname routes:

Create a hostname (for example mem.example.com).
Bind it to the tunnel you created.

This step creates your stable public URL.

Hostname routes list Create hostname route

Map the hostname to local Mem API

Open Networks → Connectors → your tunnel.

Open tunnel details

In Published application routes, click Add a published application route.

Add app route

Map mem.example.com to your local Mem server:

Subdomain: mem
Domain: your Cloudflare-managed domain
Service Type: HTTP
Service URL: http://127.0.0.1:14242

Do not append /remote-api.

Map to local Mem API

Save and start in Mem

Back in Settings → Access Mem Anywhere → Cloudflare account:

Public URL: https://mem.example.com
Tunnel token: paste raw token or full cloudflared command

Then:

Click Save
Click Start
Click Rotate if you want a fresh key
Click Copy to copy URL and API key

Verify from another machine

export NMEM_API_URL="https://mem.example.com"
export NMEM_API_KEY="nmem_..."
nmem status

Expected: status ok.

Use It on Other Clients

nmem CLI

export NMEM_API_URL="https://<your-url>"
export NMEM_API_KEY="nmem_..."
nmem status
nmem m search "project notes"

Browser Extension (SidePanel)

Open any supported AI chat page, then open Nowledge Mem Exchange in the browser SidePanel:

Click Settings
In Access Mem Anywhere, paste the terminal setup copied from Mem Desktop:

export NMEM_API_URL="https://<your-url>"
export NMEM_API_KEY="nmem_..."

Click Fill URL + key
Click Save
Click Test connection (should show success)

You can also type URL + key manually in the same section.

OpenClaw Plugin

Two options — pick whichever fits your setup:

Option A — Plugin config (recommended)

Add apiUrl and apiKey directly to your plugin entry in ~/.openclaw/openclaw.json:

{
  "plugins": {
    "slots": { "memory": "openclaw-nowledge-mem" },
    "entries": {
      "openclaw-nowledge-mem": {
        "enabled": true,
        "config": {
          "autoRecall": true,
          "autoCapture": false,
          "maxRecallResults": 5,
          "apiUrl": "https://<your-url>",
          "apiKey": "nmem_..."
        }
      }
    }
  }
}

The key is passed to the nmem subprocess via environment variable only — it never appears in logs or process arguments.

Option B — Environment variables

Set these in your shell before starting OpenClaw:

export NMEM_API_URL="https://<your-url>"
export NMEM_API_KEY="nmem_..."

Both options are equivalent. Use Option A if OpenClaw runs as a service or you want the config self-contained. Use Option B to keep credentials out of config files.

MCP / Agent Nodes

MCP clients connect via HTTP — pass your API key in the Authorization header.

Cursor (~/.cursor/mcp.json or workspace .cursor/mcp.json):

{
  "mcpServers": {
    "nowledge-mem": {
      "url": "https://<your-url>/mcp",
      "type": "streamableHttp",
      "headers": {
        "APP": "Cursor",
        "Authorization": "Bearer nmem_..."
      }
    }
  }
}

Claude Desktop (~/Library/Application Support/Claude/claude_desktop_config.json):

{
  "mcpServers": {
    "nowledge-mem": {
      "url": "https://<your-url>/mcp",
      "type": "streamableHttp",
      "headers": {
        "APP": "Claude",
        "Authorization": "Bearer nmem_..."
      }
    }
  }
}

Codex CLI (~/.codex/config.toml):

[mcp_servers.nowledge-mem]
url = "https://<your-url>/mcp"

[mcp_servers.nowledge-mem.http_headers]
APP = "Codex"
Authorization = "Bearer nmem_..."

Claude Code / CI / other shell-based agents — environment variables work too:

export NMEM_API_URL="https://<your-url>"
export NMEM_API_KEY="nmem_..."

Quick Health Check

curl -H "Authorization: Bearer $NMEM_API_KEY" "$NMEM_API_URL/health"

Expected: health JSON response.

If wrong key:

curl -H "Authorization: Bearer wrong_key" "$NMEM_API_URL/health"

Expected: 401.

If your proxy strips auth headers:

curl "$NMEM_API_URL/health?nmem_api_key=$NMEM_API_KEY"

Security and Operations

API key is required for every remote request.
Rotate key anytime in Settings (old key becomes invalid immediately).
After your first successful Start, tunnel reconnects automatically on app restart until you click Stop.
Browse-Now / Browser Bridge automation endpoints are local-only and are not exposed through Access Anywhere.
Stop tunnel when remote access is not needed.

Troubleshooting

Start timed out: your network/proxy may block Cloudflare traffic. Retry, or switch to Cloudflare account mode.
401 Missing API key: proxy likely removed auth headers. Update nmem, or use query fallback for manual checks.
429 Too many invalid auth attempts: wrong key was retried repeatedly. Re-copy key or click Rotate.

Nowledge Mem can expose your local API through Cloudflare Tunnel. You get a public URL, and every request is still protected by your Mem API key.

Use this when you want one memory center across your laptop, desktop, agent nodes, and browser tools.

Access Mem Anywhere

Choose Your Connection Type

Type	Best for	What URL you get
Quick link	Fast setup in under a minute	Random `*.trycloudflare.com` URL
Cloudflare account	Daily/long-term usage	Stable URL on your own domain (for example `https://mem.example.com`)

Before You Start

Important

Open this guide from Settings → Access Mem Anywhere → Guide.

Quick link needs no Cloudflare account and no domain.
Cloudflare account mode requires a domain already managed in your Cloudflare account.
If you do not have a domain in Cloudflare yet, use Quick link first.
In Cloudflare account mode, the final public URL appears only after you create a hostname route.

Path A: Quick Link (No Account)

Open remote access in Mem

Open Settings → Access Mem Anywhere.

Turn on Allow devices on same Wi-Fi if you also want LAN access.

Choose Quick link and start

In Access from Anywhere, choose Quick link, then click Start.

Wait for status to become Live.

Copy URL and API key

In Ready to connect, copy:

URL
API key

Use Rotate if you want to issue a fresh key.

Verify from another machine

export NMEM_API_URL="https://<your-quick-link>"
export NMEM_API_KEY="nmem_..."
nmem status

Expected: status ok.

Path B: Cloudflare Account (Stable URL)

Prerequisite

You need a domain already in Cloudflare DNS (for example example.com) before this path can produce a stable URL.

Create a tunnel and copy the token

In Cloudflare Zero Trust:

Open Networks → Connectors → Create a tunnel.
Click Select Cloudflared.

Cloudflare Connectors page

Name the tunnel and click Save tunnel.

Name your tunnel

In Install and run connectors, copy the token from a command like:

sudo cloudflared service install ... <TOKEN>

In Mem Desktop, you can paste either:

the raw token, or
the full command line (supported forms: service install <token>, --token <token>, --token=<token>).

Mem extracts the token automatically.

Copy token from command

Create a public hostname route

In tunnel routing / hostname routes:

Create a hostname (for example mem.example.com).
Bind it to the tunnel you created.

This step creates your stable public URL.

Hostname routes list Create hostname route

Map the hostname to local Mem API

Open Networks → Connectors → your tunnel.

Open tunnel details

In Published application routes, click Add a published application route.

Add app route

Map mem.example.com to your local Mem server:

Subdomain: mem
Domain: your Cloudflare-managed domain
Service Type: HTTP
Service URL: http://127.0.0.1:14242

Do not append /remote-api.

Map to local Mem API

Save and start in Mem

Back in Settings → Access Mem Anywhere → Cloudflare account:

Public URL: https://mem.example.com
Tunnel token: paste raw token or full cloudflared command

Then:

Click Save
Click Start
Click Rotate if you want a fresh key
Click Copy to copy URL and API key

Verify from another machine

export NMEM_API_URL="https://mem.example.com"
export NMEM_API_KEY="nmem_..."
nmem status

Expected: status ok.

Use It on Other Clients

nmem CLI

export NMEM_API_URL="https://<your-url>"
export NMEM_API_KEY="nmem_..."
nmem status
nmem m search "project notes"

Browser Extension (SidePanel)

Open any supported AI chat page, then open Nowledge Mem Exchange in the browser SidePanel:

Click Settings
In Access Mem Anywhere, paste the terminal setup copied from Mem Desktop:

export NMEM_API_URL="https://<your-url>"
export NMEM_API_KEY="nmem_..."

Click Fill URL + key
Click Save
Click Test connection (should show success)

You can also type URL + key manually in the same section.

OpenClaw Plugin

Two options — pick whichever fits your setup:

Option A — Plugin config (recommended)

Add apiUrl and apiKey directly to your plugin entry in ~/.openclaw/openclaw.json:

{
  "plugins": {
    "slots": { "memory": "openclaw-nowledge-mem" },
    "entries": {
      "openclaw-nowledge-mem": {
        "enabled": true,
        "config": {
          "autoRecall": true,
          "autoCapture": false,
          "maxRecallResults": 5,
          "apiUrl": "https://<your-url>",
          "apiKey": "nmem_..."
        }
      }
    }
  }
}

The key is passed to the nmem subprocess via environment variable only — it never appears in logs or process arguments.

Option B — Environment variables

Set these in your shell before starting OpenClaw:

export NMEM_API_URL="https://<your-url>"
export NMEM_API_KEY="nmem_..."

Both options are equivalent. Use Option A if OpenClaw runs as a service or you want the config self-contained. Use Option B to keep credentials out of config files.

MCP / Agent Nodes

MCP clients connect via HTTP — pass your API key in the Authorization header.

Cursor (~/.cursor/mcp.json or workspace .cursor/mcp.json):

{
  "mcpServers": {
    "nowledge-mem": {
      "url": "https://<your-url>/mcp",
      "type": "streamableHttp",
      "headers": {
        "APP": "Cursor",
        "Authorization": "Bearer nmem_..."
      }
    }
  }
}

Claude Desktop (~/Library/Application Support/Claude/claude_desktop_config.json):

{
  "mcpServers": {
    "nowledge-mem": {
      "url": "https://<your-url>/mcp",
      "type": "streamableHttp",
      "headers": {
        "APP": "Claude",
        "Authorization": "Bearer nmem_..."
      }
    }
  }
}

Codex CLI (~/.codex/config.toml):

[mcp_servers.nowledge-mem]
url = "https://<your-url>/mcp"

[mcp_servers.nowledge-mem.http_headers]
APP = "Codex"
Authorization = "Bearer nmem_..."

Claude Code / CI / other shell-based agents — environment variables work too:

export NMEM_API_URL="https://<your-url>"
export NMEM_API_KEY="nmem_..."

Quick Health Check

curl -H "Authorization: Bearer $NMEM_API_KEY" "$NMEM_API_URL/health"

Expected: health JSON response.

If wrong key:

curl -H "Authorization: Bearer wrong_key" "$NMEM_API_URL/health"

Expected: 401.

If your proxy strips auth headers:

curl "$NMEM_API_URL/health?nmem_api_key=$NMEM_API_KEY"

Security and Operations

API key is required for every remote request.
Rotate key anytime in Settings (old key becomes invalid immediately).
After your first successful Start, tunnel reconnects automatically on app restart until you click Stop.
Browse-Now / Browser Bridge automation endpoints are local-only and are not exposed through Access Anywhere.
Stop tunnel when remote access is not needed.

Troubleshooting

Start timed out: your network/proxy may block Cloudflare traffic. Retry, or switch to Cloudflare account mode.
401 Missing API key: proxy likely removed auth headers. Update nmem, or use query fallback for manual checks.
429 Too many invalid auth attempts: wrong key was retried repeatedly. Re-copy key or click Rotate.

Access Mem Anywhere

On this page

Access Mem Anywhere

On this page