Users API

Manage user profiles, passwords, and profile pictures. All endpoints require authentication.

Endpoints

Method	Path	Description
GET	`/users/me`	Get current user profile
PUT	`/users/me`	Update profile
POST	`/users/me/password`	Change password
POST	`/users/me/profile-picture`	Upload profile picture
POST	`/users/me/delete-request`	Submit account deletion request

Get Current User

GET /users/me
Authorization: Bearer <token>

Response `200 OK`

{
  "id": "550e8400-e29b-41d4-a716-446655440000",
  "email": "user@example.com",
  "first_name": "John",
  "last_name": "Doe",
  "phone": "+91-9876543210",
  "company_id": "7b3f1c2d-4e5a-6f7b-8c9d-0e1f2a3b4c5d",
  "auth_provider": "email",
  "email_verified": true,
  "phone_verified": false,
  "is_active": true,
  "permissions": {},
  "profile_picture_url": "https://cdn.example.com/profile/abc.jpg",
  "created_at": "2024-01-01T00:00:00Z",
  "last_login_at": "2024-01-15T10:30:00Z"
}

Update Profile

PUT /users/me
Authorization: Bearer <token>

Request Body

All fields are optional — only include what you want to change.

{
  "first_name": "John",
  "last_name": "Smith",
  "phone": "+91-9876543210"
}

Response `200 OK`

Returns the updated user profile object.

Errors

Status	Detail
`409`	Email already in use (if changing email)

Change Password

Only available for accounts with auth_provider = "email". Google OAuth accounts do not have a password.

POST /users/me/password
Authorization: Bearer <token>

Request Body

{
  "current_password": "OldSecure@123",
  "new_password": "NewSecure@456"
}

Response `200 OK`

{ "message": "Password updated successfully" }

Errors

Status	Detail
`400`	Incorrect current password

Upload Profile Picture

Upload a profile picture. Stored in S3 and returned as a presigned URL.

POST /users/me/profile-picture
Authorization: Bearer <token>
Content-Type: multipart/form-data

Request

Field	Type	Description
`file`	image	JPG, JPEG, PNG, or WebP

Response `200 OK`

Returns the updated user profile with the new profile_picture_url.

Errors

Status	Detail
`400`	File must be an image

Request Account Deletion

Submit an account deletion request. Sends an email to the admin — account is deleted within 30 days.

POST /users/me/delete-request
Authorization: Bearer <token>

Response `200 OK`

{ "message": "Deletion request submitted. We will process it within 30 days." }

Rate Limits

Endpoint	Limit
Profile get/update	120/min
Password change	120/min
Profile picture upload	10/min
Delete request	20/min

Documentation Index

​Users API

​Endpoints

​Get Current User

​Response 200 OK

​Update Profile

​Request Body

​Response 200 OK

​Errors

​Change Password

​Request Body

​Response 200 OK

​Errors

​Upload Profile Picture

​Request

​Response 200 OK

​Errors

​Request Account Deletion

​Response 200 OK

​Rate Limits

Users API

Endpoints

Get Current User

Response `200 OK`

Update Profile

Request Body

Response `200 OK`

Errors

Change Password

Request Body

Response `200 OK`

Errors

Upload Profile Picture

Request

Response `200 OK`

Errors

Request Account Deletion

Response `200 OK`

Rate Limits