GET /auth/user-profile
curl -X GET https://api.authiqa.com/auth/user-profile \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "Content-Type: application/json"
{
  "userID": "<string>",
  "username": "<string>",
  "email": "<string>",
  "publicKey": "<string>",
  "accountType": "<string>",
  "parentAccount": "<string>",
  "accountStatus": "<string>",
  "emailVerified": true,
  "createdAt": 123,
  "updatedAt": 123,
  "lastLogin": 123,
  "organizationName": "<string>",
  "organizationUrl": "<string>",
  "authUrls": {},
  "domainRestrictionEnabled": true,
  "emailVerificationRequired": true,
  "authProvider": "<string>",
  "lastLoginProvider": "<string>",
  "googleId": "<string>",
  "accountBalance": 123,
  "availableBalance": 123,
  "organizationUpdateCount": 123,
  "emailConfirmationCount": 123,
  "resendEmailCount": 123,
  "resetPasswordRequestCount": 123,
  "passwordUpdateCount": 123,
  "signInCount": 123,
  "organizationDetailsRetrievalCount": 123,
  "childAccountsListRetrievalCount": 123,
  "lastPasswordChanged": 123,
  "loginAttempts": 123,
  "lastLoginAttempt": 123,
  "lockedUntil": 123,
  "lastResetPasswordRequestAt": 123,
  "googleSsoConfig": {}
}

Overview

This endpoint retrieves comprehensive user profile information, including account details, organization settings, authentication history, billing information, and usage statistics. It requires JWT authentication and returns different data depending on the account type.

API Details

Authentication

  • Authorization (string, required): Bearer JWT token for authentication

Response Examples

200: Success - Parent Account
{
  "success": true,
  "data": {
    "message": "User profile retrieved successfully",
    "user": {
      "userID": "USR_parent_12345",
      "username": "parentuser",
      "email": "parent@example.com",
      "publicKey": "APK_abc123def456_1234567890",
      "accountType": "parent",
      "parentAccount": "ROOT",
      "accountStatus": "active",
      "emailVerified": true,
      "createdAt": 1729616234,
      "updatedAt": 1729616234,
      "lastLogin": 1729616234,
      "organizationName": "Example Corp",
      "organizationUrl": "https://example.com",
      "authUrls": {
        "signin": "https://example.com/signin",
        "signup": "https://example.com/signup"
      },
      "domainRestrictionEnabled": true,
      "emailVerificationRequired": false,
      "organizationId": null,
      "authProvider": "email",
      "lastLoginProvider": "email",
      "googleId": null,
      "accountBalance": 25.50,
      "availableBalance": 23.75,
      "organizationUpdateCount": 3,
      "emailConfirmationCount": 1,
      "resendEmailCount": 0,
      "resetPasswordRequestCount": 0,
      "passwordUpdateCount": 1,
      "signInCount": 15,
      "organizationDetailsRetrievalCount": 8,
      "childAccountsListRetrievalCount": 2,
      "lastPasswordChanged": 1729616234,
      "loginAttempts": 0,
      "lastLoginAttempt": null,
      "googleSsoConfig": {
        "enabled": true,
        "clientId": "123456789-abcdefghijklmnop.apps.googleusercontent.com"
      },
      "lastLowBalanceNotificationAt": null,
      "lastCriticalBalanceNotificationAt": null,
      "lastDepletedBalanceNotificationAt": null,
      "lockedUntil": null,
      "lastResetPasswordRequestAt": null
    }
  }
}
200: Success - Child Account
{
  "success": true,
  "data": {
    "message": "User profile retrieved successfully",
    "user": {
      "userID": "USR_child_67890",
      "username": "childuser",
      "email": "child@example.com",
      "publicKey": "APK_def456ghi789_0987654321",
      "accountType": "child",
      "parentAccount": "APK_abc123def456_1234567890",
      "accountStatus": "active",
      "emailVerified": true,
      "createdAt": 1729616234,
      "updatedAt": 1729616234,
      "lastLogin": 1729616234,
      "organizationName": "Example Corp",
      "organizationUrl": null,
      "authUrls": null,
      "domainRestrictionEnabled": true,
      "emailVerificationRequired": false,
      "organizationId": null,
      "authProvider": "google",
      "lastLoginProvider": "google",
      "googleId": "google_user_id_12345",
      "organizationUpdateCount": 0,
      "emailConfirmationCount": 1,
      "resendEmailCount": 0,
      "resetPasswordRequestCount": 0,
      "passwordUpdateCount": 0,
      "signInCount": 8,
      "organizationDetailsRetrievalCount": 0,
      "childAccountsListRetrievalCount": 0,
      "lastPasswordChanged": null,
      "loginAttempts": 0,
      "lastLoginAttempt": null,
      "lastLowBalanceNotificationAt": null,
      "lastCriticalBalanceNotificationAt": null,
      "lastDepletedBalanceNotificationAt": null,
      "lockedUntil": null,
      "lastResetPasswordRequestAt": null
    }
  }
}
401: Unauthorized
{
  "success": false,
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Invalid or missing authentication token"
  }
}

Response Fields

Core Identity

  • userID (string): Unique user identifier
  • username (string): User’s username
  • email (string): User’s email address
  • publicKey (string): User’s public API key

Account Information

  • accountType (string): Account type: “parent” or “child”
  • parentAccount (string): Parent account reference (“ROOT” for parents, parent’s publicKey for children)
  • accountStatus (string): Account status: “active”, “inactive”, or “locked”
  • emailVerified (boolean): Whether email address is verified
  • createdAt (number): Account creation timestamp
  • updatedAt (number): Last account update timestamp
  • lastLogin (number): Last login timestamp

Organization Details

  • organizationName (string): Organization display name
  • organizationUrl (string): Organization base URL
  • authUrls (object): Authentication URLs configuration
  • domainRestrictionEnabled (boolean): Whether widget is domain-restricted
  • emailVerificationRequired (boolean): Whether email verification is required

Authentication Details

  • authProvider (string): Primary authentication provider: “email” or “google”
  • lastLoginProvider (string): Last used authentication provider
  • googleId (string): Google account ID (if linked)

Billing Information (Parent Accounts Only)

  • accountBalance (number): Total account balance
  • availableBalance (number): Available balance for operations

Usage Statistics

  • organizationUpdateCount (number): Number of organization updates
  • emailConfirmationCount (number): Email confirmations performed
  • resendEmailCount (number): Verification emails resent
  • resetPasswordRequestCount (number): Password reset requests
  • passwordUpdateCount (number): Password updates performed
  • signInCount (number): Total sign-in attempts
  • organizationDetailsRetrievalCount (number): Organization details retrievals
  • childAccountsListRetrievalCount (number): Child accounts list retrievals

Security Information

  • lastPasswordChanged (number): Last password change timestamp
  • loginAttempts (number): Failed login attempts counter
  • lastLoginAttempt (number): Last login attempt timestamp
  • lockedUntil (number): Account lock expiry timestamp
  • lastResetPasswordRequestAt (number): Last password reset request timestamp

Google SSO Configuration (Parent Accounts Only)

  • googleSsoConfig (object): Google SSO settings with enabled status and client ID

Error Codes

401 Unauthorized
  • UNAUTHORIZED - Missing or invalid JWT token
403 Forbidden
  • ACCOUNT_INACTIVE - Account is not in active status
404 Not Found
  • USER_NOT_FOUND - User account not found in database
500 Internal Server Error
  • INTERNAL_ERROR - Unexpected server error occurred

Security Features

Data Security

Sensitive Data Excluded: The following sensitive fields are intentionally excluded from the response for security:
  • Hashed passwords
  • JWT signing secrets
  • Email verification tokens
  • Encryption keys and initialization vectors
  • Password reset tokens
  • Google OAuth client secrets

Access Control

Authentication Required: This endpoint requires valid JWT authentication and will only return data for the authenticated user.

Account Type Differences

Parent Accounts

  • Include billing information (balance fields)
  • Include Google SSO configuration
  • Include organization management counters
  • Include notification timestamps
  • Have organization settings and auth URLs

Child Accounts

  • No billing information (uses parent’s balance)
  • No Google SSO configuration
  • Limited organization management access
  • Inherit parent’s organization settings
  • May have Google authentication details

Usage Notes

This endpoint provides comprehensive user information for dashboard displays, account management interfaces, and user settings pages.
The response contains detailed usage statistics and timestamps. Handle this data appropriately and avoid exposing sensitive information in client-side applications.
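
Added example (not part of the Authiqa documentation or code): one way a backend can act on the note above, reducing the profile response to an allow-listed view before it reaches the browser and surfacing the documented error codes. The names toClientProfile, DISPLAY_FIELDS, PARENT_ONLY_FIELDS, SAMPLE_CHILD and MALFORMED_RESPONSE are hypothetical, the choice of display fields is an assumption, and lockedUntil is assumed to be Unix seconds.

```javascript
// Added example (not Authiqa code). Field names come from the documented response;
// which of them a dashboard needs is an assumption made for this sketch.
const DISPLAY_FIELDS = [
  "userID", "username", "email", "accountType", "accountStatus",
  "emailVerified", "organizationName", "authProvider", "lastLogin",
];
// Documented as parent-only, so copied only when accountType is "parent".
const PARENT_ONLY_FIELDS = ["accountBalance", "availableBalance"];

// Constructed sample, abridged from the child-account response example.
const SAMPLE_CHILD = {
  success: true,
  data: {
    user: {
      userID: "USR_child_67890", username: "childuser",
      email: "child@example.com", publicKey: "APK_def456ghi789_0987654321",
      accountType: "child", parentAccount: "APK_abc123def456_1234567890",
      accountStatus: "active", emailVerified: true, lastLogin: 1729616234,
      organizationName: "Example Corp", authProvider: "google",
      googleId: "google_user_id_12345", loginAttempts: 0, lockedUntil: null,
    },
  },
};

// Map (HTTP status, parsed body) to a browser-safe view or an error code.
function toClientProfile(status, body, nowSeconds) {
  if (status !== 200 || !body || body.success !== true) {
    // MALFORMED_RESPONSE is this example's own label, not an API error code.
    const code = (body && body.error && body.error.code) || "MALFORMED_RESPONSE";
    return { ok: false, status, code };
  }
  const user = body.data && body.data.user;
  if (!user || typeof user !== "object") {
    return { ok: false, status, code: "MALFORMED_RESPONSE" };
  }
  const fields = user.accountType === "parent"
    ? DISPLAY_FIELDS.concat(PARENT_ONLY_FIELDS)
    : DISPLAY_FIELDS;
  const profile = {};
  for (const name of fields) {
    // Copy only allow-listed keys that are present; all others are dropped.
    if (Object.prototype.hasOwnProperty.call(user, name)) profile[name] = user[name];
  }
  // Expose one derived flag rather than the raw lockout counters and timestamps.
  // Assumes lockedUntil is Unix seconds, as the sample values suggest.
  profile.locked = typeof user.lockedUntil === "number" && user.lockedUntil > nowSeconds;
  return { ok: true, profile };
}
console.log(toClientProfile(200, SAMPLE_CHILD, 1729616300));
```

Because the view is built from an allow-list, any field the API adds later stays server-side until it is deliberately listed.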