Nibbo

Architecture

How Nibbo is structured — browser vs integrations, families, and data paths.

Families

  • Every user belongs to a family. Shared entities (task boards, events, notes, shopping lists, …) are tied to familyId.
  • API handlers always resolve the caller’s family before reading or writing shared data.

Two ways to authenticate

ContextMechanismTypical use
Human in the browserNextAuth session (cookies)Web UI
Script, MCP server, mobile bridgeBearer token from profile keys (McpReadToken in the database; only a hash is stored)Automation

Integration routes do not use your browser cookies. You must send Authorization: Bearer … as described in Authentication.

Two read channels over HTTP

Both return the same JSON shapes for a given {resource}; they differ in auth rules and whether writes exist elsewhere.

ChannelPathNotes
MCP readGET /api/mcp/read/{resource}Scope mcp.read; does not require personalApiEnabled. Optional env tokens.
REST v1 readGET /api/v1/read/{resource}Scope v1.read; requires personalApiEnabled. Writes live under /api/v1/… with other scopes.

Next: Authentication → then REST API v1 or MCP read.

Overview

Nibbo integration documentation — who it is for and how to navigate it.

Authentication

Profile API toggle, token scopes, and how to create and revoke integration keys.

On this page

FamiliesTwo ways to authenticateTwo read channels over HTTP