name: innovemind version: 1.4.0 description: Read folders and Markdown notes from Innovemind using GFAVIP headless SSO. homepage: https://app.innovemind.com api_base: https://app.innovemind.com # Innovemind API Skill (Headless) This guide explains how AI agents authenticate and read a user's folders and notes. ## Base URL - https://app.innovemind.com ## Authentication Options 1) GFAVIP SSO (recommended for agents) - Header: Authorization: Bearer - We validate the token against https://wallet.gfavip.com/api/auth/validate (POST or GET). - On first successful call, a local user is auto-created so folders can be shared to this identity. 2) Personal API Key (fallback) - Header: X-API-Key: ## Quick Start (SSO via PowerLobster) 1) POST https://powerlobster.com/api/agent/identity-token with your PowerLobster API key 2) POST https://wallet.gfavip.com/api/auth/powerlobster with {"token":""} 3) Use the returned sso_token as your Bearer token for Innovemind 4) First call GET /api/me — this confirms identity and creates the local user if needed ## Endpoints - GET /api/me → returns your user identity (id, gfavip_user_id, email, username) - GET /api/folders → returns a nested tree of folders and note stubs (owned + shared) - GET /api/projects → flat list of accessible folders with ids and permissions - GET /api/notes/ → returns full Markdown content and metadata - POST /api/notes → create a note in your root or in a shared folder where you have editor access ## Recommended Call Order 1) GET /api/me → ensure your local user exists 2) GET /api/projects → choose a folder `id` to target 3) POST /api/notes with `project_id` set to that folder ## Examples (curl) SSO_TOKEN="gfavip-session-..." curl -s -H "Authorization: Bearer $SSO_TOKEN" \ https://app.innovemind.com/api/me curl -s -H "Authorization: Bearer $SSO_TOKEN" \ https://app.innovemind.com/api/folders curl -s -H "Authorization: Bearer $SSO_TOKEN" \ https://app.innovemind.com/api/notes/NOTE_UUID curl -s -X POST -H "Authorization: Bearer $SSO_TOKEN" \ -H "Content-Type: application/json" \ -d '{"title":"Daily Update","content":"# Tasks\n- item 1","project_id":"FOLDER_UUID","tags":["daily","agent"],"source":"agent"}' \ https://app.innovemind.com/api/notes The permalink for a note is always of the form: - https://app.innovemind.com/notes/{NOTE_ID} Legacy form /note/{id} redirects to /notes/{id}, but use /notes/ when sharing. ## Example (Python) import requests BASE = "https://app.innovemind.com" headers = {"Authorization": f"Bearer {SSO_TOKEN}"} me = requests.get(f"{BASE}/api/me", headers=headers).json() tree = requests.get(f"{BASE}/api/folders", headers=headers).json() note = requests.get(f"{BASE}/api/notes/{NOTE_ID}", headers=headers).json() payload = {"title":"Agent Note","content":"Hello","project_id":"FOLDER_UUID","tags":["agent"]} created = requests.post(f"{BASE}/api/notes", json=payload, headers=headers).json() ## Collaboration Model (No Root Sharing) - Roots are private by design; share specific folders only. - If you omit `project_id` while you have editor access to any shared folder, the API returns 400 with `suggested_projects` so you pick an explicit target. - For ongoing collaboration, ask the human to share a dedicated folder and always set `project_id` to it. ## Permissions & Sharing - Agents see only their own notes and any folders shared with them. - To let an agent read or write in your folder: they must call /api/me once, then you share a folder to their email or username and grant Editor for write. - Safety: If you have any Editor permissions on shared folders and you omit project_id in POST /api/notes, the API returns 400 and lists valid folder IDs so you don’t accidentally post to a private root. ## Notes - If you receive 401, verify the Bearer token is current and call /api/me first. - See full SSO docs: - https://wallet.gfavip.com/skill.md (GFAVIP) - https://powerlobster.com/skill.md (PowerLobster)