Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.shipfastai.dev/llms.txt

Use this file to discover all available pages before exploring further.

The Users API gives authenticated users full control over their own profile and account data. You can retrieve and update your profile, change credentials, request a GDPR-compliant data export, and permanently delete your account. All endpoints are mounted under /api/users/ and require a valid Bearer token.
All endpoints on this page require an Authorization: Bearer <access_token> header. See Authentication for how to obtain a token.

GET /api/users/me

Return the full profile of the currently authenticated user. 
curl --request GET \
  --url http://localhost:8000/api/users/me \
  --header "Authorization: Bearer <access_token>"
ResponseUserResponse:
id
string
required
UUID of the user.
email
string
required
The user’s email address.
full_name
string
The user’s display name.
avatar_url
string
URL to the user’s profile picture.
is_active
boolean
required
Whether the account is active.
is_verified
boolean
required
Whether the email address has been verified.
oauth_provider
string
The OAuth provider used to create the account (google, github), or null for password-based accounts.
subscription_status
string
required
Current subscription status (e.g., free, active, cancelled).
subscription_tier
string
required
Current subscription tier (e.g., free, pro).
created_at
string
required
ISO 8601 timestamp of account creation.
{
  "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "email": "user@example.com",
  "full_name": "Jane Smith",
  "avatar_url": "https://example.com/avatars/jane.png",
  "is_active": true,
  "is_verified": true,
  "oauth_provider": null,
  "subscription_status": "active",
  "subscription_tier": "pro",
  "created_at": "2024-01-15T10:30:00Z"
}

PATCH /api/users/me

Update the authenticated user’s profile. Only the fields you include in the request body are updated; omitted fields are left unchanged.
full_name
string
A new display name for the user.
avatar_url
string
A new URL for the user’s profile picture.
curl --request PATCH \
  --url http://localhost:8000/api/users/me \
  --header "Authorization: Bearer <access_token>" \
  --header "Content-Type: application/json" \
  --data '{
    "full_name": "Jane A. Smith",
    "avatar_url": "https://example.com/avatars/jane-new.png"
  }'
ResponseUserResponse with updated fields: 
{
  "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "email": "user@example.com",
  "full_name": "Jane A. Smith",
  "avatar_url": "https://example.com/avatars/jane-new.png",
  "is_active": true,
  "is_verified": true,
  "oauth_provider": null,
  "subscription_status": "active",
  "subscription_tier": "pro",
  "created_at": "2024-01-15T10:30:00Z"
}

POST /api/users/me/change-password

Change the password for the currently authenticated user. This endpoint is only available to accounts that were created with a password. OAuth-only accounts (social login only, no password set) must use the forgot-password flow to set an initial password.
current_password
string
required
The user’s existing password.
new_password
string
required
The new password to set.
curl --request POST \
  --url http://localhost:8000/api/users/me/change-password \
  --header "Authorization: Bearer <access_token>" \
  --header "Content-Type: application/json" \
  --data '{
    "current_password": "old-password-123",
    "new_password": "new-password-456"
  }'
Response: 
{
  "message": "Password changed successfully"
}
Returns 400 if the current password is incorrect, or if the account uses social login and has no password set.

POST /api/users/me/change-email

Request an email address change. The new address must not already be in use. After the change, is_verified is set to false and a new verification email is sent to the new address.
new_email
string
required
The new email address to associate with the account. Must be a valid email format.
password
string
required
The user’s current password to confirm the change. Required for password-based accounts.
curl --request POST \
  --url http://localhost:8000/api/users/me/change-email \
  --header "Authorization: Bearer <access_token>" \
  --header "Content-Type: application/json" \
  --data '{
    "new_email": "new-address@example.com",
    "password": "current-password-123"
  }'
Response: 
{
  "message": "Verification email sent to your new address"
}

GET /api/users/me/export

Export all personal data stored for the authenticated user as a downloadable JSON file. This endpoint is provided for GDPR compliance. 
curl --request GET \
  --url http://localhost:8000/api/users/me/export \
  --header "Authorization: Bearer <access_token>" \
  --output user-data-export.json
The response is a Content-Disposition: attachment JSON file with the following fields:
id
string
UUID of the user.
email
string
Email address.
full_name
string
Display name.
avatar_url
string
Profile picture URL.
oauth_provider
string
OAuth provider if applicable.
is_verified
boolean
Email verification status.
subscription_status
string
Current subscription status.
subscription_tier
string
Current subscription tier.
created_at
string
Account creation timestamp.
updated_at
string
Last profile update timestamp.
last_login_at
string
Most recent login timestamp.
exported_at
string
Timestamp of when this export was generated.
{
  "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "email": "user@example.com",
  "full_name": "Jane Smith",
  "avatar_url": null,
  "oauth_provider": null,
  "is_verified": true,
  "subscription_status": "active",
  "subscription_tier": "pro",
  "created_at": "2024-01-15T10:30:00.000000",
  "updated_at": "2024-03-01T14:22:00.000000",
  "last_login_at": "2024-03-10T09:00:00.000000",
  "exported_at": "2024-03-10T09:05:00.000000"
}

DELETE /api/users/me

Permanently delete the authenticated user’s account. This action is irreversible. For password-based accounts, you must supply the current password to confirm deletion. For OAuth-only accounts (no password), you must pass "confirm": "DELETE" instead.
password
string
The user’s current password. Required for password-based accounts.
confirm
string
Must be the exact string "DELETE". Required for OAuth-only accounts that have no password.
Deleting an account is permanent. All user data is removed from the database immediately and cannot be recovered.
curl --request DELETE \
  --url http://localhost:8000/api/users/me \
  --header "Authorization: Bearer <access_token>" \
  --header "Content-Type: application/json" \
  --data '{"password": "current-password-123"}'
Response: 
{
  "message": "User deleted successfully"
}