Get the current user
GET /api/users/me
Returns the profile of the currently authenticated user, resolved from the session/JWT rather than by ID (no user ID is accepted). In addition to the base profile it also exposes hasPassword (whether a local password is set) and connectedProviders (linked OAuth providers). Requires a fully authenticated session; a remember-me / partially authenticated token is rejected.
Authorizations
ApiToken
Long-lived API token created via POST /api/api-tokens (returned once in plaintext).
Type: API Key (header: X-API-TOKEN)
or
JWT
JWT access token obtained via POST /api/auth/login. Send as: Authorization: Bearer
Type: HTTP (bearer)
Responses
User resource
JSON
{
  "@context": "string",
  "@id": "string",
  "@type": "string",
  "id": "9f1b6c2e-1e4a-4c3a-9c8b-1d2e3f4a5b6c",
  "email": "jane.doe@example.com",
  "firstName": "Jane",
  "lastName": "Doe",
  "superAdmin": false,
  "active": true,
  "emailVerified": true,
  "emailVerifiedAt": "2025-06-15T10:30:00+00:00",
  "hasPassword": true,
  "twoFactorEnabled": false,
  "createdAt": "2025-06-15T10:30:00+00:00",
  "updatedAt": "2025-06-15T10:30:00+00:00",
  "twoFactorEnforced": true,
  "connectedProviders": [ [ "google" ] ]
}
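An added client-side example, not part of this API's own documentation: it builds the request with exactly one of the two documented schemes and reviews the security-relevant fields of the response. The function names, the review rules, and the reading of twoFactorEnforced as "policy requires 2FA for this account" are assumptions of the example.

```python
import json
import urllib.request

def auth_headers(api_token=None, jwt=None):
    """Headers for exactly one of the two documented schemes."""
    if (api_token is None) == (jwt is None):
        raise ValueError("supply exactly one of api_token or jwt")
    if api_token is not None:
        return {"X-API-TOKEN": api_token}
    return {"Authorization": "Bearer " + jwt}

def fetch_me(base_url, **creds):
    """GET /api/users/me; no user ID is sent, the server resolves the caller."""
    req = urllib.request.Request(base_url.rstrip("/") + "/api/users/me",
                                 headers=auth_headers(**creds), method="GET")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def providers(profile):
    """Flatten connectedProviders; the page's sample nests it as [["google"]]."""
    out = []
    for item in profile.get("connectedProviders") or []:
        out.extend(item if isinstance(item, list) else [item])
    return out

def review_profile(profile):
    """Account-hygiene findings; the rules are this example's assumptions."""
    findings = []
    if profile.get("twoFactorEnforced") and not profile.get("twoFactorEnabled"):
        findings.append("2FA enforced but not enabled")
    if profile.get("superAdmin") and not profile.get("twoFactorEnabled"):
        findings.append("superAdmin without 2FA")
    if not profile.get("emailVerified"):
        findings.append("email not verified")
    if not profile.get("hasPassword") and not providers(profile):
        findings.append("no local password and no linked provider")
    return findings

# Constructed sample: the security-relevant fields of the page's example response.
SAMPLE = json.loads("""{"superAdmin": false, "emailVerified": true,
  "hasPassword": true, "twoFactorEnabled": false, "twoFactorEnforced": true,
  "connectedProviders": [["google"]]}""")

if __name__ == "__main__":
    print(review_profile(SAMPLE))
```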
