
Users API

Manage user account, profile, and security settings.

Endpoints Overview

| Method | Endpoint | Description |
| --- | --- | --- |
| GET | /api/users/me | Get current user profile |
| PATCH | /api/users/me | Update user profile |
| POST | /api/users/me/change-password | Change password |
| PATCH | /api/users/me/email-preferences | Update email preferences |
| POST | /api/users/me/avatar | Upload avatar |
| DELETE | /api/users/me/avatar | Remove avatar |
| DELETE | /api/users/me | Delete account |
| GET | /api/users/me/export | Export user data (GDPR) |
| GET | /api/users/me/2fa/status | Get 2FA status |
| POST | /api/users/me/2fa/enable | Enable 2FA |
| POST | /api/users/me/2fa/verify | Verify 2FA code |
| POST | /api/users/me/2fa/disable | Disable 2FA |
| POST | /api/users/me/2fa/backup-codes | Regenerate backup codes |

Note: All endpoints require JWT authentication. API keys cannot be used for user management endpoints.


Get Current User

GET /api/users/me

Get the profile of the currently authenticated user.

Response

{
  "id": "user_abc123",
  "email": "john@acme.com",
  "name": "John Doe",
  "profilePictureUrl": "https://storage.rynko.dev/avatars/...",
  "emailVerified": true,
  "twoFactorEnabled": false,
  "createdAt": "2024-06-01T00:00:00Z",
  "updatedAt": "2025-01-15T10:30:00Z"
}

Example

curl https://api.rynko.dev/api/users/me \
  -H "Authorization: Bearer <jwt_token>"

Update Profile

PATCH /api/users/me

Update user profile information.

Request Body

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| name | string | No | Display name |
| timezone | string | No | IANA timezone |

Note: Email address changes are not supported via this endpoint. To change your email, use the account settings in the dashboard.

Request Example

{
  "name": "John D. Smith",
  "timezone": "Europe/London"
}

Response

Returns the updated user object.

Example

curl -X PATCH https://api.rynko.dev/api/users/me \
  -H "Authorization: Bearer <jwt_token>" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "John D. Smith"
  }'

Change Password

POST /api/users/me/change-password

Change the user's password.

Request Body

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| currentPassword | string | Yes | Current password |
| newPassword | string | Yes | New password (min 8 characters) |

Request Example

{
  "currentPassword": "current_password_here",
  "newPassword": "new_secure_password"
}

Response

{
  "message": "Password changed successfully"
}

Example

curl -X POST https://api.rynko.dev/api/users/me/change-password \
  -H "Authorization: Bearer <jwt_token>" \
  -H "Content-Type: application/json" \
  -d '{
    "currentPassword": "current_password",
    "newPassword": "new_secure_password"
  }'

Update Email Preferences

PATCH /api/users/me/email-preferences

Update user email notification preferences.

Request Body

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| marketingEmails | boolean | No | Receive marketing emails |
| productUpdates | boolean | No | Receive product update emails |
| weeklyDigest | boolean | No | Receive weekly digest |

Response

{
  "message": "Email preferences updated successfully",
  "preferences": {
    "marketingEmails": false,
    "productUpdates": true,
    "weeklyDigest": true
  }
}

Upload Avatar

POST /api/users/me/avatar

Upload a new avatar image.

Request Body

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| imageData | string | Yes | Base64 encoded image (JPEG, PNG, or WebP) |

Response

{
  "message": "Avatar uploaded successfully",
  "avatarUrl": "https://storage.rynko.dev/avatars/user-123.jpg"
}
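
A client-side check for the upload request above, as an added example (not Rynko's own code): it identifies the image type from its leading bytes rather than from a file extension, rejects anything that is not JPEG, PNG, or WebP, and builds the JSON body. It assumes `imageData` carries raw base64 with no `data:` prefix, which the page does not specify; the function names and the size ceiling are hypothetical.

```python
import base64
import json


def sniff_image_type(data):
    """Return 'jpeg', 'png' or 'webp' based on file signature, else None."""
    if data.startswith(b"\xff\xd8\xff"):
        return "jpeg"
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return "png"
    # WebP is a RIFF container: 'RIFF' <4-byte size> 'WEBP'
    if len(data) >= 12 and data[:4] == b"RIFF" and data[8:12] == b"WEBP":
        return "webp"
    return None


def build_avatar_body(data, max_bytes=2 * 1024 * 1024):
    """Build the JSON body for POST /api/users/me/avatar.

    max_bytes is a local safety ceiling chosen for this example; the API's
    real size limit is not documented on the page.
    """
    kind = sniff_image_type(data)
    if kind is None:
        raise ValueError("not a JPEG, PNG or WebP image")
    if len(data) > max_bytes:
        raise ValueError("image exceeds local size ceiling")
    encoded = base64.b64encode(data).decode("ascii")
    return json.dumps({"imageData": encoded})


# Constructed sample inputs: a PNG signature followed by filler bytes,
# and an HTML document posing as an image.
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLE_HTML = b"<html><script>1</script></html>"

if __name__ == "__main__":
    print(build_avatar_body(SAMPLE_PNG))
```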

Remove Avatar

DELETE /api/users/me/avatar

Remove the current user avatar.

Response

{
  "message": "Avatar removed successfully"
}

Delete Account

DELETE /api/users/me

Permanently delete the user account.

Request Body

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| password | string | Yes | Current password for verification |
| reason | string | No | Reason for deletion |
| reasonText | string | No | Additional feedback |

Response

{
  "message": "Account deleted successfully"
}

Warning: This action is irreversible. All user data will be permanently deleted after a 30-day grace period.


Export User Data

GET /api/users/me/export

Export all user data in JSON format (GDPR compliance - Right of Access).

Response

{
  "personal": {
    "id": "user_abc123",
    "email": "john@acme.com",
    "name": "John Doe",
    "createdAt": "2024-06-01T00:00:00Z"
  },
  "exportedAt": "2025-01-15T10:30:00Z",
  "format": "JSON"
}

Two-Factor Authentication (2FA)

Get 2FA Status

GET /api/users/me/2fa/status

Get the current 2FA status.

Response

{
  "enabled": false,
  "backupCodesRemaining": 8
}

Enable 2FA

POST /api/users/me/2fa/enable

Generate a TOTP secret and QR code to enable 2FA. After calling this endpoint, the user must scan the QR code with their authenticator app and call the verify endpoint.

Response

{
  "qrCode": "data:image/png;base64,...",
  "secret": "JBSWY3DPEHPK3PXP",
  "backupCodes": ["A1B2C3D4", "E5F6G7H8", "..."]
}

Verify 2FA Code

POST /api/users/me/2fa/verify

Verify the TOTP code from the authenticator app to complete 2FA setup.

Request Body

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| code | string | Yes | 6-digit TOTP code from authenticator app |

Response

{
  "success": true
}
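
The enable and verify steps above, sketched as an added example (not Rynko's own code): it derives the 6-digit code an authenticator app would display from the `secret` in the enable response and builds the verify request body. It assumes the RFC 6238 defaults (HMAC-SHA1, 30-second step), which the page does not state; the function names and the sample response are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import struct
import time


def totp(secret_b32, at=None, step=30, digits=6):
    """RFC 6238 TOTP. SHA-1 and a 30 s step are assumptions, not documented by the API."""
    # Authenticator secrets are base32, often unpadded and case-insensitive.
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = int(time.time() if at is None else at) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def build_verify_body(enable_response, at=None):
    """Map the body returned by POST /api/users/me/2fa/enable to the JSON body
    for POST /api/users/me/2fa/verify. The code stays a string so that a
    leading zero is preserved."""
    return json.dumps({"code": totp(enable_response["secret"], at=at)})


# Constructed sample in the shape of the documented enable response.
SAMPLE_ENABLE_RESPONSE = {
    "qrCode": "data:image/png;base64,...",
    "secret": "JBSWY3DPEHPK3PXP",
    "backupCodes": ["A1B2C3D4", "E5F6G7H8"],
}

if __name__ == "__main__":
    print(build_verify_body(SAMPLE_ENABLE_RESPONSE))
```

The enable response carries the TOTP secret and the backup codes in clear text, so client code should keep that body out of logs and crash reports.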

Disable 2FA

POST /api/users/me/2fa/disable

Disable two-factor authentication.

Request Body

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| password | string | Yes | Current password for verification |

Response

{
  "success": true
}

Regenerate Backup Codes

POST /api/users/me/2fa/backup-codes

Generate new backup codes. This invalidates all previous backup codes.

Request Body

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| password | string | Yes | Current password for verification |

Response

{
  "backupCodes": ["A1B2C3D4", "E5F6G7H8", "..."]
}

Error Codes

| Code | Description |
| --- | --- |
| ERR_USER_001 | User not found |
| ERR_USER_002 | A user with this email already exists |
| ERR_USER_003 | Invalid email format |
| ERR_USER_004 | Account pending deletion (can be restored) |
| ERR_USER_005 | Account deletion in progress |
| ERR_USER_006 | Failed to restore account |
| ERR_USER_007 | Account is not deleted and cannot be restored |
| ERR_AUTH_002 | Invalid current password |
| ERR_AUTH_006 | Email not verified |
| ERR_AUTH_012 | Invalid 2FA code |

Related: Projects API | Authentication