Authenticated User
Retrieves the current authenticated user's information including profile data. This endpoint requires authentication and returns the user and profile information of the authenticated user.
Endpoint
GET /auth/authenticated-user
Authentication: Tenant authentication and user authentication required
Description
The authenticated-user endpoint allows authenticated users to retrieve their own account information. This endpoint returns the user and profile information of the authenticated user. Profile information may be null if the user has not set up a profile.
Request
No request body is required for this endpoint. The user must be authenticated via the x-token header containing a valid JWT access token.
Response
Status Code: 200 OK
```json
{
  "meta": {
    "requestId": "req-12345",
    "timestamp": "2025-01-15T10:30:00.000Z"
  },
  "data": {
    "id": "01ARZ3NDEKTSV4RRFFQ69G5FAV",
    "method": "password",
    "profile": {
      "name": "John Doe",
      "birthDate": "1990-01-15T00:00:00.000Z",
      "avatar": "https://example.com/avatar.jpg",
      "gender": ["male"],
      "createdAt": "2025-01-10T10:00:00.000Z",
      "updatedAt": "2025-01-15T10:30:00.000Z",
      "customField": "customValue"
    },
    "createdAt": "2025-01-10T10:00:00.000Z",
    "updatedAt": "2025-01-15T10:30:00.000Z"
  }
}
```
| Field | Type | Description |
|---|---|---|
| id | string | ULID user identifier |
| method | string | Authentication method used by the user |
| profile | ProfileResponse \| null | User profile information (null if not set up) |
| createdAt | string | ISO 8601 user creation timestamp |
| updatedAt | string | ISO 8601 user last update timestamp |
Profile Object
When profile is not null, it contains standard profile fields and may also include additional custom fields. These custom fields can be dynamically added through profile components and are returned as dynamic data in the response.
| Field | Type | Description |
|---|---|---|
| name | string | User's full name (nullable) |
| birthDate | string | User's birth date in ISO 8601 format (nullable) |
| avatar | string | URL to user's avatar image (nullable) |
| gender | string[] | Array of gender identifiers |
| createdAt | string | ISO 8601 profile creation timestamp |
| updatedAt | string | ISO 8601 profile last update timestamp |
| [key] | unknown | Additional custom fields (dynamic data from profile components) |
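Because the profile object mixes a fixed set of documented fields with component-defined custom keys, a client should separate the two before using the data and should not assume the custom keys have any particular type. The following Python is an added example and not code from this API's project; it validates the `data` object of a 200 OK response (ULID format of `id`, non-empty `method`, `gender` as a string array), handles `profile: null`, and moves every undocumented profile key into a separate `custom` map. The sample payload is constructed from the example above; the validation rules beyond what the tables state (the ULID regex, the type check on `gender`) are this example's own choices.

```python
import re
from typing import Any, Optional

# Constructed sample payload, copied from the documentation's 200 OK example.
SAMPLE_RESPONSE: dict[str, Any] = {
    "meta": {"requestId": "req-12345", "timestamp": "2025-01-15T10:30:00.000Z"},
    "data": {
        "id": "01ARZ3NDEKTSV4RRFFQ69G5FAV",
        "method": "password",
        "profile": {
            "name": "John Doe",
            "birthDate": "1990-01-15T00:00:00.000Z",
            "avatar": "https://example.com/avatar.jpg",
            "gender": ["male"],
            "createdAt": "2025-01-10T10:00:00.000Z",
            "updatedAt": "2025-01-15T10:30:00.000Z",
            "customField": "customValue",
        },
        "createdAt": "2025-01-10T10:00:00.000Z",
        "updatedAt": "2025-01-15T10:30:00.000Z",
    },
}

# Fields the documentation lists for the profile object; anything else is
# dynamic data from profile components and is treated as untrusted input.
STANDARD_PROFILE_FIELDS = frozenset(
    {"name", "birthDate", "avatar", "gender", "createdAt", "updatedAt"}
)

# ULID: 26 Crockford base32 characters; the first is 0-7 so the 48-bit
# timestamp fits. (Assumed check; the page only says "ULID user identifier".)
ULID_RE = re.compile(r"^[0-7][0-9A-HJKMNP-TV-Z]{25}$")


def parse_profile(profile: Optional[dict[str, Any]]) -> Optional[dict[str, Any]]:
    """Split a profile object into its standard fields plus a `custom` map.

    Returns None when the API returned `profile: null`.
    """
    if profile is None:
        return None
    if not isinstance(profile, dict):
        raise ValueError("profile must be an object or null")
    gender = profile.get("gender", [])
    if not isinstance(gender, list) or not all(isinstance(g, str) for g in gender):
        raise ValueError("gender must be an array of strings")
    return {
        "name": profile.get("name"),
        "birthDate": profile.get("birthDate"),
        "avatar": profile.get("avatar"),
        "gender": gender,
        "createdAt": profile.get("createdAt"),
        "updatedAt": profile.get("updatedAt"),
        # Custom keys are kept apart so code that consumes the standard shape
        # cannot be surprised by a component-defined key shadowing a real one.
        "custom": {k: v for k, v in profile.items() if k not in STANDARD_PROFILE_FIELDS},
    }


def parse_authenticated_user(payload: dict[str, Any]) -> dict[str, Any]:
    """Validate and normalise the `data` object of a 200 OK response."""
    data = payload.get("data")
    if not isinstance(data, dict):
        raise ValueError("response has no data object")
    user_id = data.get("id")
    if not isinstance(user_id, str) or not ULID_RE.match(user_id):
        raise ValueError("id is not a ULID")
    method = data.get("method")
    if not isinstance(method, str) or not method:
        raise ValueError("method must be a non-empty string")
    return {
        "id": user_id,
        "method": method,
        "profile": parse_profile(data.get("profile")),
        "createdAt": data.get("createdAt"),
        "updatedAt": data.get("updatedAt"),
    }


if __name__ == "__main__":
    user = parse_authenticated_user(SAMPLE_RESPONSE)
    print(user["id"], user["method"], user["profile"]["custom"])
```

The `custom` map is where component-defined data lands; rendering it in a UI or passing it on to another service should go through the same escaping or schema checks as any other user-controlled input, since the documented tables say nothing about its types.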
Example Response with Null Profile
```json
{
  "meta": {
    "requestId": "req-12345",
    "timestamp": "2025-01-15T10:30:00.000Z"
  },
  "data": {
    "id": "01ARZ3NDEKTSV4RRFFQ69G5FAV",
    "method": "google",
    "profile": null,
    "createdAt": "2025-01-10T10:00:00.000Z",
    "updatedAt": "2025-01-15T10:30:00.000Z"
  }
}
```
Rate Limiting
Rate limiting is applied to prevent abuse and ensure system stability. The authenticated-user endpoint has the following rate limits:
| Limit Type | Rate | Window |
|---|---|---|
| Per IP | 60 requests | 1 hour |
When rate limits are exceeded, the API returns a 429 Too Many Requests status code.
For information about rate limit headers, see Rate Limiting in the overview.
Errors
For detailed explanations of all error codes, see the Error Codes page where you can find all system errors.
401 Unauthorized - Invalid or Missing Token
Occurs when the user authentication token is missing, invalid, or the user referenced in the token does not exist.
Error codes:
- MISSING_USER_TOKEN - User authentication token is missing from the request
- INVALID_USER_TOKEN - User authentication token is invalid or malformed
- TOKEN_USER_NOT_FOUND - Token is valid but the user referenced in the token does not exist in the database
```json
{
  "meta": {
    "requestId": "req-12345",
    "timestamp": "2025-01-15T10:30:00.000Z"
  },
  "error": {
    "message": "Missing user token",
    "code": "MISSING_USER_TOKEN",
    "status": 401
  }
}
```
```json
{
  "meta": {
    "requestId": "req-12345",
    "timestamp": "2025-01-15T10:30:00.000Z"
  },
  "error": {
    "message": "Invalid user token",
    "code": "INVALID_USER_TOKEN",
    "status": 401
  }
}
```
```json
{
  "meta": {
    "requestId": "req-12345",
    "timestamp": "2025-01-15T10:30:00.000Z"
  },
  "error": {
    "message": "User not found",
    "code": "TOKEN_USER_NOT_FOUND",
    "status": 401
  }
}
```
403 Forbidden - Restricted Capability
Occurs when the authenticated-user capability is restricted for the tenant or user.
```json
{
  "meta": {
    "requestId": "req-12345",
    "timestamp": "2025-01-15T10:30:00.000Z"
  },
  "error": {
    "message": "Capability authenticated-user is restricted",
    "code": "RESTRICTED_CAPABILITY",
    "status": 403
  }
}
```
429 Too Many Requests - Rate Limit Exceeded
Occurs when the rate limit is exceeded. See Rate Limiting section for details.
```json
{
  "meta": {
    "requestId": "req-12345",
    "timestamp": "2025-01-15T10:30:00.000Z"
  },
  "error": {
    "message": "Too many requests",
    "code": "TOO_MANY_REQUESTS",
    "status": 429
  }
}
```
500 Internal Server Error
Occurs when an internal error happens during user information retrieval. Common causes include missing authenticated user context or other unexpected system state.
Error codes:
- UNEXPECTED_STATE - Unexpected system state (e.g., missing authenticated user context)
- INTERNAL_SERVER - General internal server error
```json
{
  "meta": {
    "requestId": "req-12345",
    "timestamp": "2025-01-15T10:30:00.000Z"
  },
  "error": {
    "message": "Authenticated user not found",
    "code": "UNEXPECTED_STATE",
    "status": 500
  }
}
```
```json
{
  "meta": {
    "requestId": "req-12345",
    "timestamp": "2025-01-15T10:30:00.000Z"
  },
  "error": {
    "message": "Something went wrong on our side.",
    "code": "INTERNAL_SERVER",
    "status": 500
  }
}
```
Notes
- The `profile` field may be `null` if the user has not set up a profile
- Profile objects contain standard fields (name, birthDate, avatar, gender, timestamps) and may include additional custom fields that are dynamically added through profile components
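The Request and Errors sections above describe the call and the error shapes; the following Python is an added example, not the project's own client, that puts them together. `fetch_authenticated_user` issues the GET with the JWT in the `x-token` header using only the standard library, and `classify_error` maps an error response to a client action (re-authenticate on 401, stop on 403, back off on 429, retry on 500) while checking that the `error.code` and `error.status` in the body agree with the HTTP status. The action mapping is this example's own policy, not something the page prescribes. The page says tenant authentication is also required but does not name the header that carries it, so the function takes an `extra_headers` argument as a placeholder for it. The sample bodies are constructed from the examples above; the network function is not exercised offline.

```python
import json
import urllib.error
import urllib.request
from typing import Any, Optional

# Error codes as listed on this page, grouped by the HTTP status they accompany.
ERROR_CODES_BY_STATUS: dict[int, set[str]] = {
    401: {"MISSING_USER_TOKEN", "INVALID_USER_TOKEN", "TOKEN_USER_NOT_FOUND"},
    403: {"RESTRICTED_CAPABILITY"},
    429: {"TOO_MANY_REQUESTS"},
    500: {"UNEXPECTED_STATE", "INTERNAL_SERVER"},
}

# Client policy per status (this example's own choice, not from the docs).
ACTIONS = {401: "reauthenticate", 403: "stop", 429: "backoff", 500: "retry"}


def classify_error(status: int, body: Optional[dict[str, Any]]) -> dict[str, Any]:
    """Map an error response to a client action plus a summary safe to log.

    The summary carries the request id and error code only, never the token.
    A body whose code is not documented for the HTTP status, or whose own
    `status` field disagrees with it, is reported as inconsistent and the
    caller fails closed instead of retrying or re-authenticating blindly.
    """
    error = body.get("error") if isinstance(body, dict) else None
    code = error.get("code") if isinstance(error, dict) else None
    meta = body.get("meta") if isinstance(body, dict) else None
    request_id = meta.get("requestId") if isinstance(meta, dict) else None
    known = code in ERROR_CODES_BY_STATUS.get(status, set())
    consistent = bool(known and error.get("status") == status)
    return {
        "action": ACTIONS.get(status, "fail") if consistent else "fail",
        "code": code,
        "requestId": request_id,
        "consistent": consistent,
    }


def fetch_authenticated_user(
    base_url: str,
    token: str,
    extra_headers: Optional[dict[str, str]] = None,
    timeout: float = 10.0,
) -> tuple[int, Optional[dict[str, Any]]]:
    """GET /auth/authenticated-user with the JWT in the x-token header.

    `extra_headers` is a placeholder for the tenant credential, whose header
    name this page does not give. Returns (HTTP status, parsed JSON or None).
    """
    headers = {"x-token": token, "Accept": "application/json"}
    headers.update(extra_headers or {})
    req = urllib.request.Request(
        base_url.rstrip("/") + "/auth/authenticated-user",
        headers=headers,
        method="GET",
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, json.loads(resp.read().decode("utf-8"))
    except urllib.error.HTTPError as exc:
        raw = exc.read().decode("utf-8", errors="replace")
        try:
            return exc.code, json.loads(raw)
        except json.JSONDecodeError:
            return exc.code, None


# Constructed sample error bodies, copied from the documentation's examples.
SAMPLE_401 = {
    "meta": {"requestId": "req-12345", "timestamp": "2025-01-15T10:30:00.000Z"},
    "error": {"message": "Missing user token", "code": "MISSING_USER_TOKEN", "status": 401},
}
SAMPLE_429 = {
    "meta": {"requestId": "req-12345", "timestamp": "2025-01-15T10:30:00.000Z"},
    "error": {"message": "Too many requests", "code": "TOO_MANY_REQUESTS", "status": 429},
}

if __name__ == "__main__":
    for status, body in ((401, SAMPLE_401), (429, SAMPLE_429), (502, None)):
        print(status, classify_error(status, body))
```

On a 429 the page points to the rate limit headers documented in the overview for the wait time; `backoff` here is the signal to consult them rather than a fixed delay. A 401 with `TOKEN_USER_NOT_FOUND` is worth logging with its `requestId`, since a syntactically valid token for a user that no longer exists is a different condition from a missing or malformed one.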