# User & Minds API SUMMARY: Account management — register, login, create minds, list minds, delete minds. JWT-protected. KEY CONTEXT: Auth: JWT (from /register or /login) Register: POST /register { email, password, display_name? } → returns JWT Login: POST /login { email, password } → returns JWT Create mind: POST /minds { name, description? } → returns mind_key (shown once!) List minds: GET /minds Delete mind: DELETE /minds/:id (irreversible — deletes all memories!) JWT expires after 7 days. Mind Key never expires. Mind Key is shown only once at creation — save it permanently. User & Minds API The User & Minds API handles account management. These endpoints use JWT authentication (not Mind Keys) because they operate at the account level, not the mind level. Authentication Endpoints POST /register Create a new user account. [CODE BLOCK] Response: [CODE BLOCK] POST /login Login to an existing account. [CODE BLOCK] Response: same as . Minds Endpoints POST /minds Create a new mind. Returns the Mind Key — save it immediately, it's shown only once. [CODE BLOCK] Response: [CODE BLOCK] > [!CRITICAL] > The is shown only once. If you lose it, you cannot retrieve it — > you must delete the mind and create a new one (which loses all stored memories). GET /minds List all minds for the current user. [CODE BLOCK] Response: [CODE BLOCK] DELETE /minds/:id Delete a mind permanently. [CODE BLOCK] > [!WARNING] > Deleting a mind is irreversible. All memories, tasks, chat history, and > scripts in that mind are permanently lost. Export first via > if you need a backup. Multi-Mind Pattern Most users benefit from multiple minds to keep contexts isolated: [CODE BLOCK] Use different Mind Keys in different LLM sessions to keep contexts isolated. Account Security Password requirements - Minimum 6 characters - No maximum (use a password manager) - Stored as bcrypt hash (never plaintext) JWT expiry JWTs expire after 7 days. When expired, simply call again. Mind Key security Mind Keys never expire. If a Mind Key is compromised: 1. Create a new mind via 2. Update your LLM config with the new Mind Key 3. Delete the compromised mind via Next Steps - Authentication — full auth guide - Mind Key vs JWT — decision guide - Sharing API — share minds with other users