Behavior Notes

• Endpoint path: /auth/user/me
• Strict auth requirements: requires BOTH X-Bridge-Secret and session context (cookie or X-Session-ID).
• /auth/me is a separate legacy endpoint (operation: getCurrentUserLegacy).
• Full session: returns login-compatible shape with success=true, user, sessionId, expiresAt.
• Pending 2FA: returns success=false with requires_2fa=true, sessionId, available_methods, and user.

Get Current User

GET

/auth/user/me

Get current authenticated user/session state. This endpoint is strict and requires BOTH X-Bridge-Secret and a valid session (cookie or X-Session-ID). Returns login-compatible full session shape, or pending 2FA shape when the session is partial.

Authorizations

SessionAuth

Session ID for authenticated requests

Type

API Key (header: X-Session-ID)

+

BridgeSecret

Bridge secret for backend integration

Type

API Key (header: X-Bridge-Secret)

Responses

Current session resolved (full session or pending 2FA)

Content-Type

application/json

{

  

"success": true,

  

"user": {

  

  

"id": "usr_8f3k2m1q9",

  

  

"email": "user@example.com",

  

  

"name": "User",

  

  

"last_name": "Example",

  

  

"user_name": "userexample",

  

  

"user_type": "admin",

  

  

"picture": "https://cdn.example.com/profiles/user-example.jpg",

  

  

"is_verified": true,

  

  

"two_factor": true,

  

  

"lang": "es",

  

  

"metadata": {

  

  

},

  

  

"tmz": null,

  

  

"dob": null,

  

  

"display_name": null,

  

  

"first_time": false,

  

  

"gender": null

  

},

  

"sessionId": "ses_live_abc123xyz890",

  

"expiresAt": "2026-05-06T18:49:00.930Z"

}

GET

/auth/user/me

Playground

Server

Authorization

SessionAuth

BridgeSecret

Samples

Powered by VitePress OpenAPI