User Endpoints
User profile and account management API endpoints
All endpoints require authentication headers:

Authorization: Bearer <access-token>
X-Session-Id: <session-id>

Get User Details
Fetch the current user's profile.

GET /api/user-details

Example
curl http://localhost:3000/api/user-details \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
  -H "X-Session-Id: a1b2c3d4-e5f6-7890-abcd-ef1234567890"

{
  "success": true,
  "data": {
    "user": {
      "_id": "507f1f77bcf86cd799439011",
      "firstName": "John",
      "lastName": "Doe",
      "username": "johndoe",
      "email": "john@example.com",
      "avatar": "https://utfs.io/f/abc123.jpg",
      "bio": "Full-stack developer",
      "location": {
        "address": "123 Main St",
        "city": "San Francisco",
        "state": "CA",
        "country": "USA",
        "zipCode": "94102"
      },
      "socialAccounts": [
        {
          "url": "https://github.com/johndoe",
          "provider": "github"
        }
      ],
      "preferences": {
        "theme": "dark",
        "font": "mono"
      },
      "dob": "1990-01-15T00:00:00.000Z",
      "hasChangedUsername": false,
      "authMethod": "email",
      "hasPassword": true
    }
  }
}

Response Fields
Update User Details
Update the current user's profile.
POST /api/user-details

Request Body
All fields are optional. Only include fields you want to update.
Example
curl -X POST http://localhost:3000/api/user-details \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
  -H "X-Session-Id: a1b2c3d4-e5f6-7890-abcd-ef1234567890" \
  -H "Content-Type: application/json" \
  -d '{
    "firstName": "John",
    "lastName": "Smith",
    "bio": "Senior developer at Acme Inc.",
    "location": {
      "city": "New York",
      "country": "USA"
    },
    "preferences": {
      "theme": "dark",
      "font": "sans"
    }
  }'

{
  "success": true,
  "message": "Profile updated successfully"
}

Change Password
Change or set account password.
POST /api/change-password

Request Body
For Users with Password
curl -X POST http://localhost:3000/api/change-password \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
  -H "X-Session-Id: a1b2c3d4-e5f6-7890-abcd-ef1234567890" \
  -H "Content-Type: application/json" \
  -d '{
    "currentPassword": "OldPass123!",
    "newPassword": "NewSecurePass456!",
    "confirmPassword": "NewSecurePass456!"
  }'

{
  "success": true,
  "message": "Password changed successfully"
}

{
  "success": false,
  "message": "Current password is incorrect"
}

For OAuth Users (Setting Password)
OAuth users can set a password to enable email/password login:
curl -X POST http://localhost:3000/api/change-password \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
  -H "X-Session-Id: a1b2c3d4-e5f6-7890-abcd-ef1234567890" \
  -H "Content-Type: application/json" \
  -d '{
    "newPassword": "NewSecurePass456!",
    "confirmPassword": "NewSecurePass456!"
  }'

Use hasPassword from the user profile to determine which request format to use.

Check Username Availability
Check if a username is available.
GET /api/change-username?username=<username>

Query Parameters
Example
curl "http://localhost:3000/api/change-username?username=newusername" \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
  -H "X-Session-Id: a1b2c3d4-e5f6-7890-abcd-ef1234567890"

{
  "success": true,
  "data": {
    "available": true
  }
}

{
  "success": true,
  "data": {
    "available": false
  }
}

Change Username
Change the user's username. Can only be done once.
POST /api/change-username

Request Body
Example
curl -X POST http://localhost:3000/api/change-username \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
  -H "X-Session-Id: a1b2c3d4-e5f6-7890-abcd-ef1234567890" \
  -H "Content-Type: application/json" \
  -d '{
    "username": "newusername"
  }'

{
  "success": true,
  "message": "Username changed successfully",
  "data": {
    "username": "newusername"
  }
}

{
  "success": false,
  "message": "You have already changed your username"
}

{
  "success": false,
  "message": "Username is already taken"
}

Username can only be changed once. The hasChangedUsername field tracks this.

Delete Account
Permanently delete the user account.
DELETE /api/delete-user

Request Body
For Users with Password
curl -X DELETE http://localhost:3000/api/delete-user \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
  -H "X-Session-Id: a1b2c3d4-e5f6-7890-abcd-ef1234567890" \
  -H "Content-Type: application/json" \
  -d '{
    "password": "CurrentPass123!"
  }'

{
  "success": true,
  "message": "Account deleted successfully"
}

For OAuth Users
OAuth users without a password don't need to provide one:
curl -X DELETE http://localhost:3000/api/delete-user \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
  -H "X-Session-Id: a1b2c3d4-e5f6-7890-abcd-ef1234567890"

This action is irreversible. All user data, sessions, and profile information are permanently deleted.

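An added example, not part of the original API documentation: a client-side helper that uses hasPassword from the user profile to choose the request format for both POST /api/change-password and DELETE /api/delete-user, as described in the two sections above. The endpoint paths and field names come from this page; BASE_URL, the helper names and the sample profiles are assumptions made for the illustration.

```javascript
// Added example: endpoint paths and field names come from this page;
// BASE_URL and all helper names are assumptions made for the illustration.
const BASE_URL = "http://localhost:3000";

// POST /api/change-password: currentPassword is sent only when the
// profile returned by GET /api/user-details reports hasPassword: true.
function buildChangePassword(user, { currentPassword, newPassword, confirmPassword }) {
  if (!newPassword || newPassword !== confirmPassword) {
    throw new Error("newPassword and confirmPassword must be set and equal");
  }
  const body = { newPassword, confirmPassword };
  if (user.hasPassword) {
    if (!currentPassword) throw new Error("currentPassword is required");
    body.currentPassword = currentPassword;
  }
  return { method: "POST", path: "/api/change-password", body };
}

// DELETE /api/delete-user: password accounts confirm with the password,
// OAuth accounts without one send no body.
function buildDeleteAccount(user, password) {
  if (!user.hasPassword) {
    return { method: "DELETE", path: "/api/delete-user", body: null };
  }
  if (!password) throw new Error("password is required");
  return { method: "DELETE", path: "/api/delete-user", body: { password } };
}

// Convert a built request into [url, init] arguments for fetch().
function toFetchArgs(request, accessToken, sessionId) {
  const headers = {
    Authorization: `Bearer ${accessToken}`,
    "X-Session-Id": sessionId,
  };
  const init = { method: request.method, headers };
  if (request.body) {
    headers["Content-Type"] = "application/json";
    init.body = JSON.stringify(request.body);
  }
  return [BASE_URL + request.path, init];
}

// Constructed sample profiles (only the field the helpers read).
const passwordUser = { hasPassword: true };
const oauthUser = { hasPassword: false };
```

Failing early on a missing currentPassword or password keeps the client from sending a request the server would reject for that account type.
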
Upload Avatar
Upload or update user avatar. Uses UploadThing for file handling.
POST /api/upload-avatar

Request Body
Example
curl -X POST http://localhost:3000/api/upload-avatar \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
  -H "X-Session-Id: a1b2c3d4-e5f6-7890-abcd-ef1234567890" \
  -H "Content-Type: application/json" \
  -d '{
    "avatar": "https://utfs.io/f/abc123.jpg"
  }'

{
  "success": true,
  "message": "Avatar updated",
  "data": {
    "avatar": "https://utfs.io/f/abc123.jpg"
  }
}

Delete Avatar
Remove the current avatar.
DELETE /api/upload-avatar

Example
curl -X DELETE http://localhost:3000/api/upload-avatar \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
  -H "X-Session-Id: a1b2c3d4-e5f6-7890-abcd-ef1234567890"

{
  "success": true,
  "message": "Avatar removed"
}