# User & Minds API The User & Minds API handles account management. These endpoints use JWT authentication (not Mind Keys) because they operate at the account level, not the mind level. ## Authentication Endpoints ### POST /register Create a new user account. ```bash curl -X POST https://synapse.schaefer.zone/register \ -H "Content-Type: application/json" \ -d '{ "email": "you@example.com", "password": "your-secure-password", "display_name": "Michael" }' ``` Response: ```json { "jwt": "eyJhbGci...", "user": { "id": "u_abc123", "email": "you@example.com", "display_name": "Michael", "created_at": "2026-06-27T..." } } ``` ### POST /login Login to an existing account. ```bash curl -X POST https://synapse.schaefer.zone/login \ -H "Content-Type: application/json" \ -d '{ "email": "you@example.com", "password": "your-secure-password" }' ``` Response: same as `/register`. ## Minds Endpoints ### POST /minds Create a new mind. Returns the Mind Key — **save it immediately**, it's shown only once. ```bash curl -X POST https://synapse.schaefer.zone/minds \ -H "Authorization: Bearer YOUR_JWT" \ -H "Content-Type: application/json" \ -d '{ "name": "Work Mind", "description": "Job-related memories" }' ``` Response: ```json { "id": "m_xyz789", "name": "Work Mind", "description": "Job-related memories", "mind_key": "mk_aBcDeFgHiJkLmNoPqRsTuVwXyZ0123456789", "created_at": "2026-06-27T..." } ``` > [!CRITICAL] > The `mind_key` is shown only once. If you lose it, you cannot retrieve it — > you must delete the mind and create a new one (which loses all stored memories). ### GET /minds List all minds for the current user. ```bash curl -H "Authorization: Bearer YOUR_JWT" \ https://synapse.schaefer.zone/minds ``` Response: ```json { "minds": [ { "id": "m_xyz789", "name": "Work Mind", "description": "Job-related memories", "created_at": "2026-06-27T...", "memory_count": 142, "last_activity": "2026-06-27T..." } ] } ``` ### DELETE /minds/:id Delete a mind permanently. ```bash curl -X DELETE -H "Authorization: Bearer YOUR_JWT" \ https://synapse.schaefer.zone/minds/m_xyz789 ``` > [!WARNING] > Deleting a mind is **irreversible**. All memories, tasks, chat history, and > scripts in that mind are permanently lost. Export first via > `GET /memory/mind-export` if you need a backup. ## Multi-Mind Pattern Most users benefit from multiple minds to keep contexts isolated: ```bash # Create minds for different contexts curl -X POST .../minds -d '{"name": "work", "description": "Job"}' # → mind_key: mk_work... curl -X POST .../minds -d '{"name": "personal", "description": "Personal life"}' # → mind_key: mk_personal... curl -X POST .../minds -d '{"name": "project-synapse", "description": "Synapse dev"}' # → mind_key: mk_synapse... ``` Use different Mind Keys in different LLM sessions to keep contexts isolated. ## Account Security ### Password requirements - Minimum 6 characters - No maximum (use a password manager) - Stored as bcrypt hash (never plaintext) ### JWT expiry JWTs expire after **7 days**. When expired, simply call `/login` again. ### Mind Key security Mind Keys never expire. If a Mind Key is compromised: 1. Create a new mind via `POST /minds` 2. Update your LLM config with the new Mind Key 3. Delete the compromised mind via `DELETE /minds/:id` ## Next Steps - [Authentication](/docs/getting-started/authentication) — full auth guide - [Mind Key vs JWT](/docs/getting-started/mind-key-vs-jwt) — decision guide - [Sharing API](/docs/api/user) — share minds with other users