API Reference
/
Authentication
/
Login

Papr Memory API (1.0.0)

API for managing personal memory items with authentication and user-specific data.

Authentication

This API supports three authentication methods:

  • API Key: Include your API key in the X-API-Key header
    X-API-Key: <your-api-key>
  • Session Token: Include your session token in the X-Session-Token header
    X-Session-Token: <your-session-token>
  • Bearer Token: Include your OAuth2 token from Auth0 in the Authorization header
    Authorization: Bearer <token>

All endpoints require one of these authentication methods.

Download OpenAPI description
index.json
index.yaml
Languages
Servers
Production server
http://memory.papr.ai/

v1

Operations

Memory

Operations

User

Operations

Feedback

Operations

Schema Management

Operations

Messages

Operations

omo

Operations

Sync

Operations

Telemetry

Operations

Document

Operations

GraphQL

Operations

Authentication

Operations

Login

Request

OAuth2 login endpoint. Initiates the OAuth2 authorization code flow.

Query Parameters:

  • redirect_uri: The URI to redirect to after authentication (required)
  • state: A random string for CSRF protection (optional but recommended)

Flow:

  1. Client redirects user to this endpoint with redirect_uri and state
  2. This endpoint redirects user to Auth0 for authentication
  3. After authentication, Auth0 redirects to /callback with authorization code
  4. /callback redirects back to the original redirect_uri with code and state

Example:

GET /login?redirect_uri=https://chat.openai.com&state=abc123
curl -i -X GET \
  http://memory.papr.ai/login

Responses

OAuth2 login initiated successfully

Bodyapplication/json
messagestring(Message)
Default "Redirecting to Auth0 for authentication"
redirect_urlRedirect Url (string) or Redirect Url (null)(Redirect Url)
Any of:
string(Redirect Url)
Response
application/json
{
  "message": "Redirecting to Auth0 for authentication",
  "redirect_url": "string"
}

Callback

Request

OAuth2 callback endpoint. Processes the authorization code from Auth0.

Query Parameters:

  • code: Authorization code from Auth0 (required)
  • state: State parameter for CSRF protection (required)

Flow:

  1. Auth0 redirects to this endpoint after successful authentication
  2. This endpoint validates the authorization code and state
  3. Redirects back to the original redirect_uri with code and state
  4. Client can then exchange the code for tokens at /token endpoint

Security:

  • Validates state parameter to prevent CSRF attacks
  • Checks authorization code expiration
  • Cleans up session data after processing
curl -i -X GET \
  http://memory.papr.ai/callback

Responses

OAuth2 callback processed successfully

Bodyapplication/json
messagestring(Message)

Callback status message

Default "Authorization successful"
codeCode (string) or Code (null)(Code)

Authorization code

Any of:

Authorization code

string(Code)

Authorization code

stateState (string) or State (null)(State)

State parameter for security

Any of:

State parameter for security

string(State)

State parameter for security

Response
application/json
{
  "message": "Authorization successful",
  "code": "string",
  "state": "string"
}

Token

Request

OAuth2 token endpoint. Exchanges authorization code for access tokens.

Request Body (JSON or Form):

  • grant_type: OAuth2 grant type - "authorization_code" or "refresh_token" (required)
  • code: Authorization code from OAuth2 callback (required for authorization_code grant)
  • redirect_uri: Redirect URI used in authorization (required for authorization_code grant)
  • client_type: Client type - "papr_plugin" or "browser_extension" (optional, default: papr_plugin)
  • refresh_token: Refresh token for token refresh (required for refresh_token grant)

Response:

  • access_token: OAuth2 access token for API authentication
  • token_type: Token type (Bearer)
  • expires_in: Token expiration time in seconds
  • refresh_token: Refresh token for getting new access tokens
  • scope: OAuth2 scopes granted
  • user_id: User ID from Auth0

Example Request:

{
    "grant_type": "authorization_code",
    "code": "abc123...",
    "redirect_uri": "https://chat.openai.com",
    "client_type": "papr_plugin"
}
curl -i -X POST \
  http://memory.papr.ai/token

Responses

OAuth2 token exchange successful

Bodyapplication/json
access_tokenstring(Access Token)required

OAuth2 access token

token_typestring(Token Type)

Token type

Default "Bearer"
expires_ininteger(Expires In)required

Token expiration time in seconds

refresh_tokenRefresh Token (string) or Refresh Token (null)(Refresh Token)

Refresh token for getting new access tokens

Any of:

Refresh token for getting new access tokens

string(Refresh Token)

Refresh token for getting new access tokens

scopestring(Scope)required

OAuth2 scopes granted

user_idUser Id (string) or User Id (null)(User Id)

User ID from Auth0

Any of:

User ID from Auth0

string(User Id)

User ID from Auth0

messageMessage (string) or Message (null)(Message)

Additional message or status

Any of:

Additional message or status

string(Message)

Additional message or status

Response
application/json
{
  "access_token": "string",
  "token_type": "Bearer",
  "expires_in": 0,
  "refresh_token": "string",
  "scope": "string",
  "user_id": "string",
  "message": "string"
}

Me

Request

Get current user information. Validates authentication and returns user details.

Authentication Required: One of the following authentication methods must be used:

  • Bearer token in Authorization header: Authorization: Bearer <access_token>
  • Session token in Authorization header: Authorization: Session <session_token>
  • API Key in Authorization header: Authorization: APIKey <api_key>

Headers:

  • Authorization: Authentication token (required)
  • X-Client-Type: Client type for logging (optional, default: papr_plugin)

Response:

  • user_id: Internal user ID
  • sessionToken: Session token for API access (if available)
  • imageUrl: User profile image URL (if available)
  • displayName: User display name (if available)
  • email: User email address (if available)
  • message: Authentication status message

Example:

GET /me
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...
X-Client-Type: papr_plugin
curl -i -X GET \
  http://memory.papr.ai/me

Responses

User information retrieved successfully

Bodyapplication/json
user_idstring(User Id)required

Internal user ID

sessionTokenSessiontoken (string) or Sessiontoken (null)(Sessiontoken)

Session token for API access

Any of:

Session token for API access

string(Sessiontoken)

Session token for API access

imageUrlImageurl (string) or Imageurl (null)(Imageurl)

User profile image URL

Any of:

User profile image URL

string(Imageurl)

User profile image URL

displayNameDisplayname (string) or Displayname (null)(Displayname)

User display name

Any of:

User display name

string(Displayname)

User display name

emailEmail (string) or Email (null)(Email)

User email address

Any of:

User email address

string(Email)

User email address

messagestring(Message)

Authentication status message

Default "You are authenticated!"
Response
application/json
{
  "user_id": "string",
  "sessionToken": "string",
  "imageUrl": "string",
  "displayName": "string",
  "email": "string",
  "message": "You are authenticated!"
}

Logout

Request

OAuth2 logout endpoint. Logs out the user from Auth0 and redirects to specified URL.

Query Parameters:

  • returnTo: URL to redirect to after logout (optional, default: extension logout page)
  • client_type: Client type for determining Auth0 client ID (optional, default: papr_plugin)

Flow:

  1. Client redirects user to this endpoint
  2. This endpoint redirects to Auth0 logout URL
  3. Auth0 logs out the user and redirects to the specified return URL

Example:

GET /logout?returnTo=https://chat.openai.com

Note: This endpoint initiates the logout process. The actual logout completion happens on Auth0's side.

curl -i -X GET \
  http://memory.papr.ai/logout

Responses

Logout initiated successfully

Bodyapplication/json
messagestring(Message)

Logout status message

Default "Redirecting to logout"
logout_urlstring(Logout Url)required

URL to complete logout process

Response
application/json
{
  "message": "Redirecting to logout",
  "logout_url": "string"
}