Manage data and credentials
Export or delete stored content and understand the lifecycle of your credentials.
Export sessions
palim_export_session exports one session as Markdown, JSON, or text. palim_export_brain returns the complete Brain as an Obsidian-compatible Markdown vault. A single complete account export covering every data class is not currently available.
Delete sessions
| Action | Result |
|---|---|
palim_delete_session without hard_delete | Sets the session status to deleted. Messages and summary remain stored. |
palim_delete_session with hard_delete: true | Permanently removes the session, messages, and summary. |
| Delete in the dashboard | Always uses permanent deletion. |
There is currently no public restore operation for sessions with the deleted status. Always verify the session ID and title before permanent deletion.
Memories and Brain topics are always removed permanently when deleted. Complete account deletion is currently available only through privacy@usepalim.com.
API keys
Registration and sign-in on the setup page create a new API key. The raw key is shown only when it is issued; the server stores a hash for validation.
palim_logout deletes all API keys for the account by default and attempts to revoke all OAuth sessions. OAuth revocation requires an active OAuth/JWT session and cannot be completed from a pure API-key connection.
To delete only the API key used by the current connection, call palim_logout with delete_all_api_keys: false and, if appropriate, revoke_oauth_sessions: false. That client will then need a new key.
Dashboard key in the browser
The dashboard stores the entered API key in browser Local Storage and sends it as x-api-key with every dashboard API request. Do not use the dashboard in a shared browser profile, and use the dashboard sign-out action afterward to remove the locally stored key.
Connection URLs
palim_create_connection_url creates a URL containing a ctxu_ token for clients that cannot send custom HTTP headers. The server stores only a hash of the raw token. Each account can have at most five non-revoked connection tokens.
Connection URLs currently have no public management or revocation interface. Create one only when header-based authentication or OAuth is not possible, and treat the complete URL like a password.
Last updated on