diff --git a/spike/request/get_id.sh b/spike/request/get_id.sh
new file mode 100644
index 0000000..c2ab4c1
--- /dev/null
+++ b/spike/request/get_id.sh
@@ -0,0 +1,6 @@
+#! /bin/bash
+
+curl -i -sS localhost:3000/api/notes/$ID
+
+curl -sS localhost:3000/api/notes/$ID \
+   | jq '{id:.id, content:.content, title:.title}'
diff --git a/spike/request/list_ids.sh b/spike/request/list_ids.sh
new file mode 100644
index 0000000..2e9aa49
--- /dev/null
+++ b/spike/request/list_ids.sh
@@ -0,0 +1,3 @@
+#! /bin/bash
+
+curl -sS localhost:3000/api/tree | jq -r '.items | to_entries[].value.id' | grep -v ^root$
diff --git a/spike/request/put_id.sh b/spike/request/put_id.sh
new file mode 100644
index 0000000..2fae149
--- /dev/null
+++ b/spike/request/put_id.sh
@@ -0,0 +1,8 @@
+#! /bin/bash
+
+api_response="$(curl -i -sS localhost:3000/api)"
+csrf_key="xsrf-token"
+csrf_token="$(echo "$api_response" | grep -o '"csrfToken":[^,]*' | tr ':' '\n' | jq -r . | tail -n 1)"
+notea_auth_cookie="$(echo "$api_response" | grep ^set.cookie: | sed 's/^set.cookie: //' | tr ';' '\n' | head -n 1)"
+curl --fail -sS -X POST localhost:3000/api/notes/$ID -H "$csrf_key: $csrf_token" -b "$notea_auth_cookie" -H 'Content-Type: application/json' -d '{"content": "g"}'
+echo $?
diff --git a/spike/review/run.sh b/spike/review/run.sh
index ddf459a..58d27ea 100644
--- a/spike/review/run.sh
+++ b/spike/review/run.sh
@@ -17,8 +17,10 @@ docker run --rm -it \
   -e STORE_ACCESS_KEY=access_key \
   -e STORE_SECRET_KEY=secret_key \
   -e STORE_BUCKET=notea \
+  -e STORE_PREFIX=notea/ \
   -e STORE_END_POINT=http://$(ifconfig en0 | grep inet\  | awk '{print $2}'):9000 \
   -e STORE_FORCE_PATH_STYLE=true \
   -e PASSWORD=notea \
+  -e DISABLE_PASSWORD=true \
   -e COOKIE_SECURE=false \
   cinwell/notea