diff --git a/services/groupware/DEVELOPER.md b/services/groupware/DEVELOPER.md
index be4b53b23..2812cb9e4 100644
--- a/services/groupware/DEVELOPER.md
+++ b/services/groupware/DEVELOPER.md
@@ -362,7 +362,7 @@ The necessary LDAP parameters are as follows:
 
 * <u>Bind DN:</u> `uid=libregraph,ou=sysusers,o=libregraph-idm`
 * <u>Bind Password:</u> `admin` (or whichever password is set in the `IDM_REVASVC_PASSWORD` environment variable in `opencloud.yml`)
-* <u>Base DN:</u> `o=libregraph-idm` or ``
+* <u>Base DN:</u> `o=libregraph-idm`
 * <u>Host:</u> `localhost`
 * <u>LDAP Port:</u> none, only supports LDAPS
 * <u>LDAPS Port:</u> `9235`
@@ -525,18 +525,36 @@ Note that `redocly-cli` does not need to be installed, it will be pulled locally
 
 This section assumes that you are using the [helper scripts in opencloud-tools](https://github.com/pbleser-oc/opencloud-tools) as instructed above.
 
-If you are running OpenCloud from within VSCode, then make sure to set the following environment variable `baseurl` first, in the shell from which you will use the scripts, as the OpenCloud process is listening to that address as opposed to <https://cloud.opencloud.test> and going through Traefik as is the case when running it from the Docker Compose `opencloud_full` setup:
+Your main swiss army knife tool will be `oc-gw` (mnemonic for "OpenCloud Groupware").
 
-```bash
-export baseurl=https://localhost:9200
-```
+As prerequisites, you should have `curl` and either [`http`(ie)](https://httpie.io/cli) or [`xh`](https://github.com/ducaale/xh) installed, in order to have a modern CLI HTTP client that is more helpful than plain old `curl`.
 
-The scripts default to using the user `alan` (with the password `demo`), which can be changed by setting the following environment variables:
+* `http` can be installed as follows: `pipx install httpie`,
+* while `xh` can be installed as follows: `cargo install xh --locked`
+
+As for credentials, `oc-gw` defaults to using the user `alan` (with the password `demo`), which can be changed by setting the following environment variables:
 
 * `username`
 * `password`
 
-Your main swiss army knife tool will be `oc-gw` (mnemonic for "OpenCloud Groupware"), which
+Example:
+
+```bash
+username=margaret password=demo oc-gw //accounts/all/quotas
+```
+
+To set them more permanently for the lifetime of a shell:
+
+```bash
+export username=lynn
+export password=demo
+
+oc-gw //accounts/all/mailboxes
+
+oc-gw //accounts/all/mailboxes/roles/inbox
+```
+
+The `oc-gw` script does the following regarding authentication:
 
 * checks whether a container named `opencloud_full-opencloud-1` is running locally
   * if so, whether it has basic auth enabled or not
diff --git a/services/groupware/pkg/groupware/groupware_api_emails.go b/services/groupware/pkg/groupware/groupware_api_emails.go
index fc41d5b14..7f341700f 100644
--- a/services/groupware/pkg/groupware/groupware_api_emails.go
+++ b/services/groupware/pkg/groupware/groupware_api_emails.go
@@ -1064,8 +1064,8 @@ type SwaggerGetLatestEmailsSummaryForAllAccountsParams struct {
 //
 // The following additional query parameters may be specified to further filter the emails to summarize:
 //
-// ! `unread`: when `true`, only unread emails will be summarized (default is to summarize all emails, read or unread)
-// ! `undesirable`: when `true`, emails that are flagged as spam or phishing will also be summarized (default is to ignore those)
+// !- `unread`: when `true`, only unread emails will be summarized (default is to summarize all emails, read or unread)
+// !- `undesirable`: when `true`, emails that are flagged as spam or phishing will also be summarized (default is to ignore those)
 //
 // responses:
 //
@@ -1084,12 +1084,12 @@ func (g *Groupware) GetLatestEmailsSummaryForAllAccounts(w http.ResponseWriter,
 			l = l.Uint(QueryParamLimit, limit)
 		}
 
-		unread, ok, err := req.parseBoolParam(QueryParamUnread, false)
+		seen, ok, err := req.parseBoolParam(QueryParamSeen, false)
 		if err != nil {
 			return errorResponse(err)
 		}
 		if ok {
-			l = l.Bool(QueryParamUnread, unread)
+			l = l.Bool(QueryParamSeen, seen)
 		}
 
 		undesirable, ok, err := req.parseBoolParam(QueryParamUndesirable, false)
@@ -1103,7 +1103,7 @@ func (g *Groupware) GetLatestEmailsSummaryForAllAccounts(w http.ResponseWriter,
 		var filter jmap.EmailFilterElement = nil // all emails, read and unread
 		{
 			notKeywords := []string{}
-			if unread {
+			if !seen {
 				notKeywords = append(notKeywords, jmap.JmapKeywordSeen)
 			}
 			if undesirable {
diff --git a/services/groupware/pkg/groupware/groupware_route.go b/services/groupware/pkg/groupware/groupware_route.go
index 878fd4ddd..ec1e9af1b 100644
--- a/services/groupware/pkg/groupware/groupware_route.go
+++ b/services/groupware/pkg/groupware/groupware_route.go
@@ -47,7 +47,7 @@ const (
 	QueryParamPartId                  = "partId"
 	QueryParamAttachmentName          = "name"
 	QueryParamAttachmentBlobId        = "blobId"
-	QueryParamUnread                  = "unread"
+	QueryParamSeen                    = "seen"
 	QueryParamUndesirable             = "undesirable"
 	HeaderSince                       = "if-none-match"
 )
@@ -63,7 +63,7 @@ func (g *Groupware) Route(r chi.Router) {
 			r.Get("/roles/{role}", g.GetMailboxByRoleForAllAccounts) // ?role=
 		})
 		r.Route("/emails", func(r chi.Router) {
-			r.Get("/latest/summary", g.GetLatestEmailsSummaryForAllAccounts)
+			r.Get("/latest/summary", g.GetLatestEmailsSummaryForAllAccounts) // ?limit=10&seen=true&undesirable=true
 		})
 		r.Get("/quota", g.GetQuotaForAllAccounts)
 	})