Users

The users API lets you manage the authenticated user’s profile, password, profile image, and identities (email and phone). All endpoints operate on the currently authenticated user via /users/me.

Endpoints

Method  Endpoint                     Description
GET     /users/me                    Get current user profile
PATCH   /users/me                    Update current user profile
POST    /users/me/change-password    Change password
POST    /users/me/profile-image      Upload profile image
DELETE  /users/me/profile-image      Remove profile image
GET     /users/me/identities         List identities
POST    /users/me/identities         Add an identity
DELETE  /users/me/identities         Remove an identity
POST    /users/me/identities/verify  Request identity verification

Get Current User

GET /api/v2/users/me

Returns the authenticated user’s profile, including their identities.

Response

{
  "id": 7,
  "created_at": "2024-01-15T08:30:00Z",
  "first_name": "Ola",
  "last_name": "Nordmann",
  "profile_image_url": "https://cdn.snapbooks.no/profile-images/abc123.jpg",
  "last_login": "2026-03-31T14:22:00Z",
  "identities": [
    {
      "type": "email",
      "value": "ola@example.com",
      "verified": true
    },
    {
      "type": "phone",
      "value": "+4791234567",
      "verified": false
    }
  ]
}

Update Current User

PATCH /api/v2/users/me

Updates the authenticated user’s first name and/or last name.

Request Body

Field       Type    Required  Description
first_name  string  No        User’s first name
last_name   string  No        User’s last name

Example Request

{
  "first_name": "Ola",
  "last_name": "Nordmann"
}

Response

Returns the updated user object (same shape as GET /users/me).


Change Password

POST /api/v2/users/me/change-password

Changes the authenticated user’s password. Rate limited to 5 requests per hour.

Request Body

Field         Type    Required  Description
password      string  Yes       Current password
new_password  string  Yes       New password

Password Requirements

  • Minimum 8 characters
  • Must contain at least one uppercase letter
  • Must contain at least one lowercase letter
  • Must contain at least one number
  • Must be different from the current password

Example Request

{
  "password": "OldPass123",
  "new_password": "NewSecure456"
}

Response

{
  "message": "Password changed successfully"
}

Error Responses

Status  Description
400     Missing current or new password, passwords are identical, or new password does not meet requirements
401     Current password is incorrect
429     Rate limit exceeded (5 per hour)

Upload Profile Image

POST /api/v2/users/me/profile-image

Uploads a new profile image for the authenticated user. The request must use multipart/form-data encoding.

Request Body

Field  Type  Required  Description
file   file  Yes       Image file (JPEG, PNG, or WebP)

Allowed Content Types

  • image/jpeg
  • image/jpg
  • image/png
  • image/webp

Response

Returns the updated user object with the new profile_image_url.

Error Responses

Status  Description
400     Missing file, no file selected, unsupported image format, or invalid image content
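A client-side pre-upload check for this endpoint, as an added example that is not part of the API's own documentation or client code. It compares the declared content type with the file's leading bytes and encodes the single `file` part; treating `image/jpg` as JPEG and refusing a type/content mismatch are assumptions, and the sample bytes are constructed.

```python
import uuid

ALLOWED = {"image/jpeg", "image/jpg", "image/png", "image/webp"}  # list from the page

def sniff_image_type(data: bytes):
    """Identify JPEG, PNG or WebP from the leading bytes; None for anything else."""
    if data[:3] == b"\xff\xd8\xff":
        return "image/jpeg"
    if data[:8] == b"\x89PNG\r\n\x1a\n":
        return "image/png"
    if data[:4] == b"RIFF" and data[8:12] == b"WEBP":
        return "image/webp"
    return None

def check_upload(declared_type: str, data: bytes):
    """Return (ok, detail): detail is the sniffed type, or the reason for refusal."""
    declared = declared_type.split(";")[0].strip().lower()
    if not data:
        return False, "missing file"
    if declared not in ALLOWED:
        return False, "unsupported image format"
    actual = sniff_image_type(data)
    if actual is None:
        return False, "invalid image content"
    # Assumption: image/jpg is an alias for image/jpeg; a mismatch is refused locally.
    if actual != ("image/jpeg" if declared == "image/jpg" else declared):
        return False, f"declared {declared} but content is {actual}"
    return True, actual

def build_multipart(filename: str, content_type: str, data: bytes):
    """Encode one part named 'file' (the documented field) as multipart/form-data."""
    boundary = uuid.uuid4().hex
    # Strip characters that could break out of the quoted filename parameter.
    safe = filename.replace("\\", "_").replace('"', "_").replace("\r", "").replace("\n", "")
    head = (
        f"--{boundary}\r\n"
        f'Content-Disposition: form-data; name="file"; filename="{safe}"\r\n'
        f"Content-Type: {content_type}\r\n\r\n"
    ).encode()
    body = head + data + f"\r\n--{boundary}--\r\n".encode()
    return body, f"multipart/form-data; boundary={boundary}"

# Constructed samples: only the leading bytes matter to the check above.
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
JPEG_SAMPLE = b"\xff\xd8\xff\xe0" + b"\x00" * 16
WEBP_SAMPLE = b"RIFF" + b"\x00" * 4 + b"WEBP" + b"\x00" * 8
HTML_AS_PNG = b"<html>not an image</html>"
```

Send the returned body with the returned string as the `Content-Type` header. The server's own content validation remains authoritative; this check only catches mislabelled or non-image files before they leave the client.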

Remove Profile Image

DELETE /api/v2/users/me/profile-image

Removes the authenticated user’s profile image.

Response

Returns the updated user object with profile_image_url set to null.


List Identities

GET /api/v2/users/me/identities

Returns the authenticated user’s identities (email and phone number).

Response

Returns the user object with the identities array populated. See the response example in Get Current User.


Add an Identity

POST /api/v2/users/me/identities

Adds a phone number identity to the authenticated user. Email changes are not supported through this endpoint.

Request Body

Field  Type    Required  Description
type   string  Yes       Identity type. Only phone is supported
value  string  Yes       The phone number

Example Request

{
  "type": "phone",
  "value": "+4791234567"
}

Response

Returns the updated user object with identities.

Error Responses

Status  Description
400     Missing required fields, unsupported identity type, or email changes attempted

Remove an Identity

DELETE /api/v2/users/me/identities

Removes a phone number identity from the authenticated user. Email cannot be removed.

Request Body

Field  Type    Required  Description
type   string  Yes       Identity type to remove. Only phone is supported

Example Request

{
  "type": "phone"
}

Response

Returns the updated user object with identities.

Error Responses

Status  Description
400     Missing required field, unsupported identity type, or email removal attempted

Request Identity Verification

POST /api/v2/users/me/identities/verify

Sends a verification email to the authenticated user. Rate limited to 5 requests per hour. Only email verification is currently supported.

Request Body

Field  Type    Required  Description
type   string  Yes       Identity type to verify. Only email is supported
value  string  Yes       The email address to verify (must match the stored email)

Example Request

{
  "type": "email",
  "value": "ola@example.com"
}

Response

{
  "message": "Verification email sent"
}

Error Responses

Status  Description
400     Missing required fields, unsupported identity type, email mismatch, or email already verified
429     Rate limit exceeded (5 per hour)
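Change Password and Request Identity Verification are both limited to 5 requests per hour, and most of their documented 400 conditions can be checked before sending. The pre-flight checks below are an added example, not part of the API's own client code; the function names are hypothetical, and the ASCII character classes and the single-email-identity reading are assumptions. The sample profile is constructed from the Get Current User response shape.

```python
import re

# Documented new_password rules. ASCII classes are an assumption chosen as the
# stricter reading: a password that passes here also passes a Unicode-aware check.
_RULES = [
    ("at least 8 characters", lambda p: len(p) >= 8),
    ("one uppercase letter", lambda p: re.search(r"[A-Z]", p) is not None),
    ("one lowercase letter", lambda p: re.search(r"[a-z]", p) is not None),
    ("one number", lambda p: re.search(r"[0-9]", p) is not None),
]

def preflight_change_password(current: str, new: str):
    """Return the documented 400 conditions the request would hit (empty = send)."""
    if not current or not new:
        return ["missing current or new password"]
    problems = [name for name, ok in _RULES if not ok(new)]
    if new == current:
        problems.append("new password identical to current")
    return problems

def preflight_verify(user: dict):
    """Build the verify body from a GET /users/me response: (body, reason)."""
    # Assumption: a user has at most one email identity.
    emails = [i for i in user.get("identities", []) if i.get("type") == "email"]
    if not emails:
        return None, "no stored email identity"
    if emails[0].get("verified"):
        return None, "email already verified"
    # value must match the stored email, so copy it from the profile verbatim.
    return {"type": "email", "value": emails[0]["value"]}, None

# Constructed sample profile, following the Get Current User response shape.
SAMPLE_USER = {
    "id": 7,
    "identities": [
        {"type": "email", "value": "ola@example.com", "verified": False},
        {"type": "phone", "value": "+4791234567", "verified": False},
    ],
}
```

An incorrect current password (401) can only be detected by the server, so the local check does not remove the need to handle that response.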

Attributes

Attribute          Type      Description
id                 integer   Unique identifier (read-only)
created_at         datetime  Account creation timestamp (read-only)
first_name         string    User’s first name
last_name          string    User’s last name
profile_image_url  string    URL to the user’s profile image (read-only)
last_login         datetime  Last login timestamp (read-only)

Identity

Attribute  Type     Description
type       string   Identity type: email or phone
value      string   The identity value (email address or phone number)
verified   boolean  Whether the identity has been verified. Only email verification is supported; phone identities always return false