Skip to main content

User & Minds API

Account management — register, login, create minds, list minds, delete minds. JWT-protected.


User & Minds API

The User & Minds API handles account management. These endpoints use JWT authentication (not Mind Keys) because they operate at the account level, not the mind level.

Authentication Endpoints

POST /register

Create a new user account.

curl -X POST https://synapse.schaefer.zone/register \
  -H "Content-Type: application/json" \
  -d '{
    "email": "you@example.com",
    "password": "your-secure-password",
    "display_name": "Michael"
  }'

Response:

{
  "jwt": "eyJhbGci...",
  "user": {
    "id": "u_abc123",
    "email": "you@example.com",
    "display_name": "Michael",
    "created_at": "2026-06-27T..."
  }
}

POST /login

Login to an existing account.

curl -X POST https://synapse.schaefer.zone/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "you@example.com",
    "password": "your-secure-password"
  }'

Response: same as /register.

Minds Endpoints

POST /minds

Create a new mind. Returns the Mind Key — save it immediately, it's shown only once.

curl -X POST https://synapse.schaefer.zone/minds \
  -H "Authorization: Bearer YOUR_JWT" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Work Mind",
    "description": "Job-related memories"
  }'

Response:

{
  "id": "m_xyz789",
  "name": "Work Mind",
  "description": "Job-related memories",
  "mind_key": "mk_aBcDeFgHiJkLmNoPqRsTuVwXyZ0123456789",
  "created_at": "2026-06-27T..."
}
The `mind_key` is shown only once. If you lose it, you cannot retrieve it — you must delete the mind and create a new one (which loses all stored memories).

GET /minds

List all minds for the current user.

curl -H "Authorization: Bearer YOUR_JWT" \
     https://synapse.schaefer.zone/minds

Response:

{
  "minds": [
    {
      "id": "m_xyz789",
      "name": "Work Mind",
      "description": "Job-related memories",
      "created_at": "2026-06-27T...",
      "memory_count": 142,
      "last_activity": "2026-06-27T..."
    }
  ]
}

DELETE /minds/:id

Delete a mind permanently.

curl -X DELETE -H "Authorization: Bearer YOUR_JWT" \
     https://synapse.schaefer.zone/minds/m_xyz789
Deleting a mind is **irreversible**. All memories, tasks, chat history, and scripts in that mind are permanently lost. Export first via `GET /memory/mind-export` if you need a backup.

Multi-Mind Pattern

Most users benefit from multiple minds to keep contexts isolated:

# Create minds for different contexts
curl -X POST .../minds -d '{"name": "work", "description": "Job"}'
# → mind_key: mk_work...

curl -X POST .../minds -d '{"name": "personal", "description": "Personal life"}'
# → mind_key: mk_personal...

curl -X POST .../minds -d '{"name": "project-synapse", "description": "Synapse dev"}'
# → mind_key: mk_synapse...

Use different Mind Keys in different LLM sessions to keep contexts isolated.

Account Security

Password requirements

  • Minimum 6 characters
  • No maximum (use a password manager)
  • Stored as bcrypt hash (never plaintext)

JWT expiry

JWTs expire after 7 days. When expired, simply call /login again.

Mind Key security

Mind Keys never expire. If a Mind Key is compromised:

  1. Create a new mind via POST /minds
  2. Update your LLM config with the new Mind Key
  3. Delete the compromised mind via DELETE /minds/:id

Next Steps