Skip to content

Users

Endpoints for retrieving the current user's profile and managing account credentials.

Get Current User

Retrieve the profile and tenant context for the authenticated user.

GET /v1/me

Authentication: Authorization: Bearer {token} or X-API-Key: ipto_{prefix}_{secret}

Scope: Any authenticated principal

Request

curl -X GET https://api.ipto.ai/v1/me \
  -H "Authorization: Bearer {token}"

import requests

response = requests.get(
    "https://api.ipto.ai/v1/me",
    headers={"Authorization": "Bearer {token}"},
)
data = response.json()

const response = await fetch("https://api.ipto.ai/v1/me", {
  headers: { Authorization: "Bearer {token}" },
});
const data = await response.json();

Parameters

No parameters required.

Response

{
  "data": {
    "user_id": "usr_a1b2c3d4e5f6",
    "email": "[email protected]",
    "display_name": "Alice Chen",
    "tenant_id": "tnt_f6e5d4c3b2a1",
    "tenant_display_name": "Acme Corp",
    "is_platform_admin": false,
    "roles": ["owner"]
  },
  "request_id": "req_usr001",
  "timestamp": "2026-04-05T10:00:00Z"
}

Response Fields

Field Type Description
user_id string Unique identifier for the user.
email string The user's email address.
display_name string The user's display name.
tenant_id string Unique identifier for the user's tenant.
tenant_display_name string Human-readable name of the tenant.
is_platform_admin boolean Whether the user has platform-wide admin privileges.
roles string[] List of roles assigned to the user within the tenant (e.g., owner, member).

Change Password

Change the password for the currently authenticated user. Requires a valid session token (API keys cannot be used for this endpoint).

POST /v1/me/password

Authentication: Authorization: Bearer {token} (session token only)

Scope: User session

Request

curl -X POST https://api.ipto.ai/v1/me/password \
  -H "Authorization: Bearer {token}" \
  -H "Content-Type: application/json" \
  -d '{
    "current_password": "s3cur3P@ssw0rd!",
    "new_password": "n3wS3cur3P@ss!"
  }'

import requests

response = requests.post(
    "https://api.ipto.ai/v1/me/password",
    headers={"Authorization": "Bearer {token}"},
    json={
        "current_password": "s3cur3P@ssw0rd!",
        "new_password": "n3wS3cur3P@ss!",
    },
)
data = response.json()

const response = await fetch("https://api.ipto.ai/v1/me/password", {
  method: "POST",
  headers: {
    Authorization: "Bearer {token}",
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    current_password: "s3cur3P@ssw0rd!",
    new_password: "n3wS3cur3P@ss!",
  }),
});
const data = await response.json();

Request Body

Field Type Required Description
current_password string Yes The user's current password for verification.
new_password string Yes The new password. Minimum 8 characters.

Response

{
  "data": {
    "success": true
  },
  "request_id": "req_usr002",
  "timestamp": "2026-04-05T10:05:00Z"
}

Response Fields

Field Type Description
success boolean true if the password was successfully changed.

API keys cannot change passwords

This endpoint requires a session token obtained via /v1/auth/login. Requests authenticated with an API key will receive a 403 Forbidden response.

Session continuity

Changing your password does not invalidate your current session. Other active sessions for the same user are also unaffected.