Skip to content
Inkbox

Inkbox

BlogContactDocs
GuidesAPI Reference

Ctrl K

GuidesAPI Reference

Jump to

Manage Notes

CRUD endpoints for organization-wide notes. Scoped agents see only notes they have been granted access to; human callers (Clerk JWT) and admin API keys see every note in the org.


Create note POST

POST /notes

Create a new note. created_by is stamped server-side from the auth context — any client-supplied value is rejected.

  • Agent creator (scoped API key): a per-identity access row is auto-inserted, making the note immediately visible to that agent. Other agents cannot see it until granted.
  • Human creator (JWT or admin key): no access row is inserted. The note stays invisible to all scoped agents until an admin grants them.

Request body

FieldTypeRequiredDescription
titlestring | nullNoShort title (max 255 chars)
bodystringYesNote body (1–100000 chars, stored byte-for-byte)

Request example

JSONJSON

Response (201)

JSONJSON

Error responses

StatusDescription
422Body too long, or client sent created_by (rejected by extra: forbid)

Code examples


List notes GET

GET /notes

List notes visible to the caller.

Query parameters

ParameterTypeDefaultDescription
qstringFull-text search over title + body, max 200 chars
identity_idUUIDFilter to notes granted to this identity
limitinteger501–200
offsetinteger0Offset for pagination
orderstringrecent"recent" (updated_at desc) or "created" (created_at desc)

Response (200)

Returns an array of note objects with inlined access arrays.

Code examples


Get note GET

GET /notes/{note_id}

Fetch a single note by ID.

Path parameters

ParameterTypeDescription
note_idUUIDNote ID

Code examples


Update note PATCH

PATCH /notes/{note_id}

Update a note. Any caller who can see the note can patch it.

Path parameters

ParameterTypeDescription
note_idUUIDNote ID

Request body

FieldTypeRequiredDescription
titlestring | nullNoOmit to leave unchanged, send null to clear, or send a string to set
bodystringNoOmit to leave unchanged, or send a new body. Sending null is not a legal operation (body is required) — returns 422.

created_by, organization_id, status, and timestamps are immutable.

Code examples


Delete note DELETE

DELETE /notes/{note_id}

Delete a note. Returns 204 No Content on success. Any caller who can see the note can delete it.

Code examples


Note object

FieldTypeDescription
idUUIDUnique note identifier
organization_idstringOwning organization
created_bystringOpaque creator stamp (user ID or identity ID). Immutable, server-populated.
titlestring | nullOptional short title
bodystringNote body (required, 1–100000 chars)
statusstringactive or deleted
created_atstringISO 8601
updated_atstringISO 8601
accessobject[]Inlined access rules. Empty for human-created notes until granted; single-element for agent creators; more entries after admin grants.

Inkbox

Copyright © 2026 Inkbox

This site is protected by reCAPTCHA.

Google Privacy Policy and Terms of Service apply.

Website

Inkbox

Copyright © 2026 Inkbox

This site is protected by reCAPTCHA.

Google Privacy Policy and Terms of Service apply.

Website

Manage Notes