SecondMe API Technical Reference

This document contains complete technical reference information for the SecondMe API, for reference during development.

API Base URL

https://app.mindos.com/gate/lab

OAuth2 Authorization URL

https://go.second.me/oauth/

OAuth2 Flow

1. User clicks Login → Redirect to SecondMe authorization page
2. User authorizes → Redirect back to your application (with authorization_code)
3. Backend exchanges code for access_token and refresh_token
4. Call SecondMe API using access_token
5. Refresh with refresh_token when Token expires

Token Validity Period

Token Type	Prefix	Validity Period
Authorization Code	`lba_ac_`	5 minutes
Access Token	`lba_at_`	2 hours
Refresh Token	`lba_rt_`	30 days

Permission List (Scopes)

Scope	Description
`user.info`	Basic user information
`user.info.shades`	User interest tags
`user.info.softmemory`	User soft memory
`note.add`	Add notes
`chat`	Chat functionality
`chat`	Structured action judgment (Act)

API Response Format and Handling

Important: All SecondMe API responses follow a unified format:

json

{
  "code": 0,
  "data": { ... }  // Actual data is in the data field
}

Frontend code must extract data correctly:

typescript

// Note: The following /api/secondme/... is a Next.js local route (generated by secondme-nextjs skill),
// which proxies requests to the upstream SecondMe API and passes through the upstream response format.

// ❌ Wrong approach - Directly using the response will cause .map is not a function
const response = await fetch('/api/secondme/user/shades');  // Next.js local route
const shades = await response.json();
shades.map(item => ...)  // Error!

// ✅ Correct approach - Extract data from the data field
const response = await fetch('/api/secondme/user/shades');  // Next.js local route
const result = await response.json();
if (result.code === 0) {
  const shades = result.data.shades;  // Correct!
  shades.map(item => ...)
}

Data Paths for Each API

The following paths are upstream SecondMe API paths, complete URL =
{base_url}/api/secondme{path}
Where
base_url
comes from
state.api.base_url
(default
https://app.mindos.com/gate/lab
)

Upstream API Path	Data Path	Type
`/api/secondme/user/info`	`result.data`	object (contains fields like email, name, avatarUrl, route, etc.)
`/api/secondme/user/shades`	`result.data.shades`	array
`/api/secondme/user/softmemory`	`result.data.list`	array
`/api/secondme/chat/session/list`	`result.data.sessions`	array
`/api/secondme/chat/session/messages`	`result.data.messages`	array
`/api/secondme/act/stream`	SSE streaming JSON (needs delta concatenation)	SSE stream
`/api/secondme/note/add`	`result.data.noteId`	number

Act API (Structured Action Judgment)

The Act API is an interface independent of the Chat API, which restricts the model to output only valid JSON objects. It is suitable for structured decision-making scenarios such as sentiment analysis and intent classification. It uses the

chat

scope for permissions.

Endpoint (Upstream API)

POST {base_url}/api/secondme/act/stream

Request Parameters

Parameter	Type	Required	Description
message	string	Yes	User message content
actionControl	string	Yes	Action control instructions (20-8000 characters), defining JSON structure and judgment rules
appId	string	No	Application ID
sessionId	string	No	Session ID, automatically generated if not provided
systemPrompt	string	No	System prompt, only valid for the first time in a new session

actionControl Example

Only output valid JSON objects, no explanations.
Output structure: {"is_liked": boolean}.
Set is_liked=true when the user clearly expresses liking or support, otherwise is_liked=false.

Response Format (SSE)

event: session
data: {"sessionId": "labs_sess_xxx"}

data: {"choices": [{"delta": {"content": "{\"is_liked\": true}"}}]}

data: [DONE]

Frontend Handling Example

typescript

// Call Act API for structured judgment (proxied to upstream via Next.js local route)
const response = await fetch('/api/secondme/act/stream', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${token}`,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    message: userMessage,
    actionControl: 'Only output valid JSON. Structure: {"intent": "like"|"dislike"|"neutral"}. Judge intent based on user expression. Return {"intent": "neutral"} when information is insufficient.'
  })
});

// Concatenate delta content in the SSE stream, then JSON.parse to get the result

Chat vs Act Usage Scenarios

Scenario	API to Use	Reason
Free conversation	`/chat/stream`	Returns natural language text
Sentiment/intent judgment	`/act/stream`	Returns structured JSON
Yes/no decision making	`/act/stream`	Returns `{"result": boolean}`
Multi-category judgment	`/act/stream`	Returns `{"category": "..."}`
Content generation	`/chat/stream`	Requires long text output

Development Notes

State Parameter

Ignore the
state
parameter validation directly. There is no need to validate the state during callback processing; just process the authorization code directly.

CSS @import Rule Order

Important: In CSS files,

@import

statements must be placed at the very beginning of the file (only after

@charset

and

@layer

). Using

@import

after other CSS rules will cause parsing errors.

css

/* Correct approach - @import placed at the top */
@import url('https://fonts.googleapis.com/css2?family=Noto+Sans+SC&display=swap');

:root {
  --primary-color: #000;
}

/* Wrong approach - @import cannot be placed after other rules */
:root {
  --primary-color: #000;
}
@import url('...'); /* This will cause an error! */

Official Document Links

Document	URL
Quick Start	https://develop-docs.second.me/zh/docs
Authentication Overview	https://develop-docs.second.me/zh/docs/authentication
OAuth2 Guide	https://develop-docs.second.me/zh/docs/authentication/oauth2
SecondMe API Reference	https://develop-docs.second.me/zh/docs/api-reference/secondme
OAuth2 API Reference	https://develop-docs.second.me/zh/docs/api-reference/oauth
Error Code Reference	https://develop-docs.second.me/zh/docs/errors

secondme-reference

NPX Install

Tags

SKILL.md Content (Chinese)