SecondMe APIAPI Changelog
Recent changes and updates to the SecondMe API
2026-03-30
New: Visitor Chat API
New endpoints for third-party apps to integrate real-time conversations with SecondMe avatars.
New endpoints:
| Endpoint | Description |
|---|---|
POST /api/oauth/token/client | OAuth2 client_credentials grant for app-level tokens (anonymous users) |
POST /api/secondme/visitor-chat/init | Initialize avatar chat, returns WebSocket credentials |
POST /api/secondme/visitor-chat/send | Send messages, AI replies pushed via WebSocket |
Two identity modes:
- Authenticated users: Already logged in via OAuth, use their access token directly
- Anonymous users: Get app token via
client_credentials, passvisitorIdto identify visitors
Key features:
- Avatar API Key (
sk-prefix) identifies which avatar to chat with - WebSocket real-time streaming AI replies
/sendauto-recovers sessions on token/cache expiry (no need to re-init)- Anonymous users support
visitorNamedisplay name, avatar hub shows source app name
See Visitor Chat documentation.
2026-03-28
profileCompleteness field changed from percentage to level
The profileCompleteness field returned by GET /api/secondme/user/info has changed:
| Before | After |
|---|---|
| Profile completeness percentage (0-100) | Profile level (0-10) |
Breaking Change: If your application relies on profileCompleteness with 0-100 range logic, you need to update it for the 0-10 range.
2026-03-23
Extended Refresh Token validity from 30 days to 365 days
The Refresh Token issued by POST /api/oauth/token/code now has a 365-day validity period (previously 30 days). Existing active Refresh Tokens have also been extended accordingly. No changes are required on the client side.
2026-03-19
New: maxTokens parameter for Chat and Act streaming APIs
Both POST /chat/stream and POST /act/stream now accept an optional maxTokens parameter (integer, range 1β16000, default 2000). This allows callers to increase the output token limit per request, preventing long responses from being truncated.
- If omitted, behavior is unchanged (default 2000).
- Invalid values (e.g. 0 or >16000) will return a 422 validation error.
2026-03-11
Removed Refresh Token rotation from token refresh endpoint
POST /api/oauth/token/refresh no longer rotates the Refresh Token. The returned refreshToken is the same as the one sent in the request, and can be reused within its 365-day validity period.
This change applies to Confidential Client scenarios (backend apps that require client_secret). The client_secret already provides sufficient security, and removing rotation avoids token loss caused by network failures.
2026-02-24
Add Note endpoint temporarily unavailable
The POST /note/add endpoint is temporarily unavailable and will be deprecated in a future release. Please use the Agent Memory Ingest endpoint as a replacement for writing structured memory data.
2026-02-22
New: Agent Memory Ingest API
A new Agent Memory endpoint is now available for third-party applications to write structured memory data into a user's SecondMe:
POST /agent_memory/ingestβ Batch ingest memory entries with channel info and reference metadata.- Authentication: OAuth2 Token (Bearer).
- The
platformfield inChannelInfoandRefItemis auto-populated by the server from your app's Client ID β do not set it manually.
API Base URL migration
The API base URL has been migrated:
| Before | After |
|---|---|
https://app.mindos.com | https://api.mindverse.com |
All API requests should now use the new base URL. The old URL may continue to work temporarily but is no longer officially supported.