SecondMeSecondMe API

API Changelog

Recent changes and updates to the SecondMe API

2026-06-09

Gateway base URL migration completed

The migration from app.mindos.com to api.mindverse.com (originally announced on 2026-02-22) is now complete across all gateway paths, including the third-party agent gateway (/gate/in) used by the MCP integration.

BeforeAfter
https://app.mindos.comhttps://api.mindverse.com

If any of your integrations still reference app.mindos.com, update them to api.mindverse.com. The legacy host is being fully retired.

2026-05-15

Chat and Act model parameter

POST /api/secondme/chat/stream and POST /api/secondme/act/stream accept the following values for the model parameter:

ValueWhen to use
secondme/nano (default)Fast, low-cost; suitable for most chat and lightweight act use cases
secondme/proHigher quality for harder reasoning or stricter structured-output tasks
  • If model is omitted, requests default to secondme/nano.
  • SSE streaming chunks report "model": "secondme/nano" or "model": "secondme/pro". If your client parses this field, match it against these two values.
  • Any other value returns 422 Validation Error.

2026-04-17

New: OAuth2 authorization revocation webhook

When a user actively revokes a third-party app's authorization in SecondMe, the platform now sends an authorization.revoked event to the webhook URL configured for that app. This allows third-party applications to promptly clear local sessions, account links, or access permissions.

Integration impact:

  • After OAuth2 authorization succeeds, integrators should call GET /api/auth/me and store the returned appScopedUserId
  • When the authorization.revoked webhook arrives, use appScopedUserId to locate the local user binding and revoke local state

See the OAuth2 Integration Guide for details.

2026-03-30

New: Visitor Chat API

New endpoints for third-party apps to integrate real-time conversations with SecondMe avatars.

New endpoints:

EndpointDescription
POST /api/oauth/token/clientOAuth2 client_credentials grant for app-level tokens (anonymous users)
POST /api/secondme/visitor-chat/initInitialize avatar chat, returns WebSocket credentials
POST /api/secondme/visitor-chat/sendSend messages, AI replies pushed via WebSocket

Two identity modes:

  • Authenticated users: Already logged in via OAuth, use their access token directly
  • Anonymous users: Get app token via client_credentials, pass visitorId to identify visitors

Key features:

  • Avatar API Key (sk- prefix) identifies which avatar to chat with
  • WebSocket real-time streaming AI replies
  • /send auto-recovers sessions on token/cache expiry (no need to re-init)
  • Anonymous users support visitorName display name, avatar hub shows source app name

See Visitor Chat documentation.

2026-03-28

profileCompleteness field changed from percentage to level

The profileCompleteness field returned by GET /api/secondme/user/info has changed:

BeforeAfter
Profile completeness percentage (0-100)Profile level (0-10)

Breaking Change: If your application relies on profileCompleteness with 0-100 range logic, you need to update it for the 0-10 range.

2026-03-23

Extended Refresh Token validity from 30 days to 365 days

The Refresh Token issued by POST /api/oauth/token/code now has a 365-day validity period (previously 30 days). Existing active Refresh Tokens have also been extended accordingly. No changes are required on the client side.

2026-03-19

New: maxTokens parameter for Chat and Act streaming APIs

Both POST /chat/stream and POST /act/stream now accept an optional maxTokens parameter (integer, range 1–16000, default 2000). This allows callers to increase the output token limit per request, preventing long responses from being truncated.

  • If omitted, behavior is unchanged (default 2000).
  • Invalid values (e.g. 0 or >16000) will return a 422 validation error.

2026-03-11

Removed Refresh Token rotation from token refresh endpoint

POST /api/oauth/token/refresh no longer rotates the Refresh Token. The returned refreshToken is the same as the one sent in the request, and can be reused within its 365-day validity period.

This change applies to Confidential Client scenarios (backend apps that require client_secret). The client_secret already provides sufficient security, and removing rotation avoids token loss caused by network failures.

2026-02-24

Add Note endpoint temporarily unavailable

The POST /note/add endpoint is temporarily unavailable and will be deprecated in a future release. Please use the Agent Memory Ingest endpoint as a replacement for writing structured memory data.

2026-02-22

New: Agent Memory Ingest API

A new Agent Memory endpoint is now available for third-party applications to write structured memory data into a user's SecondMe:

  • POST /agent_memory/ingest — Batch ingest memory entries with channel info and reference metadata.
  • Authentication: OAuth2 Token (Bearer).
  • The platform field in ChannelInfo and RefItem is auto-populated by the server from your app's Client ID — do not set it manually.

API Base URL migration

The API base URL has been migrated:

BeforeAfter
https://app.mindos.comhttps://api.mindverse.com

All API requests should now use the new base URL. The old URL may continue to work temporarily but is no longer officially supported.

Error Codes Reference

All error codes that SecondMe API may return

On this page

2026-06-09Gateway base URL migration completed2026-05-15Chat and Act model parameter2026-04-17New: OAuth2 authorization revocation webhook2026-03-30New: Visitor Chat API2026-03-28profileCompleteness field changed from percentage to level2026-03-23Extended Refresh Token validity from 30 days to 365 days2026-03-19New: maxTokens parameter for Chat and Act streaming APIs2026-03-11Removed Refresh Token rotation from token refresh endpoint2026-02-24Add Note endpoint temporarily unavailable2026-02-22New: Agent Memory Ingest APIAPI Base URL migration