Returns information about the currently logged-in user.
This endpoint is useful for front-end apps to confirm who is signed in and
what permissions they have. It relies on the auth-token cookie set by
/auth/login.
Authentication is handled via an auth-token HTTP-only cookie set by the
/auth/login endpoint.
- In a browser, you typically call
/auth/loginonce and the cookie will be stored and automatically sent on subsequent API requests. - In API tools (Postman, curl, etc.) you can manually capture the cookie
from the
Set-Cookieheader or configure cookie handling.
This spec models the cookie using apiKey-style auth for documentation
purposes.
Authenticated user details.
Envelope used by /auth/me to return the current user.
Basic user information for the currently authenticated user.
Internal user identifier.
High-level role for permissions (e.g., ADMIN, EDITOR, VIEWER).
Whether the account is disabled.
Fine-grained permission map used internally.
No valid auth cookie was provided.
Standard error response envelope.
Human-readable error message.
The user account is disabled.
Standard error response envelope.
Human-readable error message.
The user referenced by the token no longer exists.
Standard error response envelope.
Human-readable error message.
Unexpected server error.
Standard error response envelope.
Human-readable error message.