BioPocket API documentation version 1

https://biopocket.ch/api

Authentication

Management of authentication tokens.

post

post

Creates a new, short-lived (2 weeks) authentication token for a user.

The authenticated user is also included in the response. Frontends may want to use the roles array to know what the user is authorized to do.

Creates a new, short-lived (2 weeks) authentication token for a user.

The authenticated user is also included in the response. Frontends may want to use the roles array to know what the user is authorized to do.

Body

Media type: application/json

Type: object

Properties
  • email: required (string)

    The e-mail address associated with the user account.

  • password: required (string)

    The user account's password.

Example:

POST /api/auth HTTP/1.1
Content-Type: application/json

{
  "email": "jdoe@example.com",
  "password": "letmein"
}

HTTP status code 201

The authentication token was successfully created.

Body

Media type: application/json

Type: object

Properties
  • token: (string)

    A JWT that can be used to authenticate to other API resources. You should send it as a bearer token in the Authorization header, e.g. Authorization: Bearer TOKEN.

  • user: (object)
    • active: (boolean)

      If false, the user account cannot authenticate and is not authorized to perform any action. New user accounts start active, but can be deactivated by an administrator.

    • createdAt: (datetime)

      The time at which the user account was created.

    • email: (string)

      The e-mail address associated to the user account.

    • id: (string)

      The unique ID identifying the user account.

    • roles: (array of string)

      The roles the user is authorized to perform.

    • updatedAt: (datetime)

      The time at which the user account was last updated.

Example:

HTTP/1.1 201 Created
Content-Type: application/json

{
  "token": "eyJhbGciOiJIUzI1NiI.eyJzdWIiOiJmZDczYjM5OC04Zj.7s76ONko1DF",
  "user": {
    "active": true,
    "createdAt": "2000-01-01T16:30:00.123Z",
    "email": "jdoe@example.com",
    "id": "7c4424de-66a0-4044-b872-c5fc77c4365e",
    "roles": [
      "admin"
    ],
    "updatedAt": "2000-02-03T17:00:00.123Z"
  }
}

HTTP status code 400

The request body is not valid JSON.

Body

Media type: text/html

Type: object

Example:

HTTP/1.1 400 Bad Request
Content-Type: text/html

Error: Unexpected token } in JSON at position 0

HTTP status code 401

The credentials in the request body are invalid.

Body

Media type: application/json

Type: object

Examples:

Invalid user:
No user account exists with the specified e-mail address, or it is inactive.

{
  "errors": [
    {
      "code": "auth.invalidUser",
      "message": "This user account does not exist or is inactive."
    }
  ]
}

Invalid credentials:
The specified password is not the correct one.

{
  "errors": [
    {
      "code": "auth.invalidCredentials",
      "message": "The password is invalid."
    }
  ]
}

HTTP status code 422

The request body contains invalid data.

Body

Media type: application/json

Type: object

Example:

HTTP/1.1 422 Unprocessable Entity
Content-Type: application/json

{
  "errors": [
    {
      "location": "/password",
      "message": "is required",
      "type": "json",
      "validator": "required",
      "valueSet": false
    },
    {
      "location": "/email",
      "message": "must be a valid e-mail address",
      "type": "json",
      "validator": "email",
      "value": "jdoe",
      "valueSet": true
    }
  ]
}

Locations

Management of BioPocket locations of interest.

post get

post

Create a new location.

get

List locations.

Create a new location.

Headers

  • Authorization: required (string)

    You must authenticate by sending a JWT bearer token in this header. You may obtain a token by calling POST /api/auth.

    Required roles: admin

    Example:

    Authorization: Bearer eyJhbGciOiJIUzI1NiI.eyJzdWIiOiJmZDczYjM5OC04Zj.7s76ONko1DF

Body

Media type: application/json

Type: object

Properties
  • name: required (string - minLength: 1 - maxLength: 150)

    The location's name.

  • shortName: (string - minLength: 1 - maxLength: 30)

    A shorter name for the location, if available.

  • description: required (string - minLength: 1 - maxLength: 2000)

    A detailed description of the location.

  • phone: required (string - minLength: 1 - maxLength: 20)

    The location's phone number.

  • photoUrl: required (string - maxLength: 500)

    A URL of a picture of the location.

  • siteUrl: required (string - maxLength: 500)

    A URL of the location's website or a related web page.

  • geometry: required (object)

    The location's geographical coordinates (a GeoJSON point).

    • type: required (string)

      The type of GeoJSON object.

    • coordinates: required (array of number)

      The coordinates (longitude & latitude).

  • address: required (object)
    • street: required (string - minLength: 1 - maxLength: 150)

      The street name of the location's address.

    • number: (string - minLength: 1 - maxLength: 15)

      The street number of the location's address.

    • zipCode: required (string - minLength: 1 - maxLength: 15)

      The zip code of the location's address.

    • city: required (string - minLength: 1 - maxLength: 100)

      The city of the location's address.

    • state: required (string - minLength: 1 - maxLength: 30)

      The state of the location's address.

  • properties: (object)

    User-defined properties of the location.

Example:

POST /api/locations HTTP/1.1
Content-Type: application/json

{
  "name": "Somewhere over the rainbow",
  "shortName": "Somewhere",
  "description": "Somewhere over the rainbow blue birds fly and the dreams that you dreamed of really do come true.",
  "phone": "5550001",
  "photoUrl": "http://example.com/image.jpg",
  "siteUrl": "http://example.com",
  "geometry": {
    "type": "Point",
    "coordinates": [ -73.957820, 40.772317 ]
  },
  "address": {
    "street": "Riverside Drive",
    "number": 210,
    "city": "New York",
    "state": "New York",
    "zipCode": "10021"
  }
}

HTTP status code 201

The location was successfully created.

Body

Media type: application/json

Type: object

Properties
  • name: required (string - minLength: 1 - maxLength: 150)

    The location's name.

  • shortName: (string - minLength: 1 - maxLength: 30)

    A shorter name for the location, if available.

  • description: required (string - minLength: 1 - maxLength: 2000)

    A detailed description of the location.

  • phone: required (string - minLength: 1 - maxLength: 20)

    The location's phone number.

  • photoUrl: required (string - maxLength: 500)

    A URL of a picture of the location.

  • siteUrl: required (string - maxLength: 500)

    A URL of the location's website or a related web page.

  • geometry: required (object)

    The location's geographical coordinates (a GeoJSON point).

    • type: required (string)

      The type of GeoJSON object.

    • coordinates: required (array of number)

      The coordinates (longitude & latitude).

  • address: required (object)
    • street: required (string - minLength: 1 - maxLength: 150)

      The street name of the location's address.

    • number: (string - minLength: 1 - maxLength: 15)

      The street number of the location's address.

    • zipCode: required (string - minLength: 1 - maxLength: 15)

      The zip code of the location's address.

    • city: required (string - minLength: 1 - maxLength: 100)

      The city of the location's address.

    • state: required (string - minLength: 1 - maxLength: 30)

      The state of the location's address.

  • properties: (object)

    User-defined properties of the location.

  • id: (string)

    A unique ID identifying the location.

  • createdAt: (datetime)

    The time at which the location was created.

  • updatedAt: (datetime)

    The time at which the location was last updated.

Example:

HTTP/1.1 201 Created
Content-Type: application/json

{
  "id": "c821bc0f-85b4-44d5-9bbe-a30cf197c30a",
  "name": "Somewhere over the rainbow",
  "shortName": "Somewhere",
  "description": "Somewhere over the rainbow blue birds fly and the dreams that you dreamed of really do come true.",
  "phone": "5550001",
  "photoUrl": "http://example.com/image.jpg",
  "siteUrl": "http://example.com",
  "geometry": {
    "type": "Point",
    "coordinates": [ -73.957820, 40.772317 ]
  },
  "address": {
    "street": "Riverside Drive",
    "number": 210,
    "city": "New York",
    "state": "New York",
    "zipCode": "10021"
  },
  "createdAt": "2000-01-01T16:30:00.123Z",
  "updatedAt": "2000-02-03T17:00:00.123Z"
}

HTTP status code 400

The request body is not valid JSON.

Body

Media type: text/html

Type: object

Example:

HTTP/1.1 400 Bad Request
Content-Type: text/html

Error: Unexpected token } in JSON at position 0

HTTP status code 401

Authentication is required to access this resource. Either you have not authenticated or your credentials are invalid.

Body

Media type: application/json

Type: object

Examples:

Missing authentication:
You have not sent an Authorization header in the request.

{
  "errors": [
    {
      "code": "auth.missingAuthorization",
      "message": "Authentication is required to access this resource. Authenticate by providing a Bearer token in the Authorization header."
    }
  ]
}

Malformed authentication:
The Authorization header of our request is not in the correct format. The required format is `Bearer TOKEN` where `TOKEN` is a valid JWT that you obtained by calling `POST /api/auth`.

{
  "errors": [
    {
      "code": "auth.malformedAuthorization",
      "message": "The Authorization header is not in the correct format. It should be \"Authorization: Bearer TOKEN\"."
    }
  ]
}

Invalid authentication:
The JWT bearer token you have sent in the Authorization header is invalid or has expired.

{
  "errors": [
    {
      "code": "auth.invalidAuthorization",
      "message": "The Bearer token supplied in the Authorization header is invalid or has expired."
    }
  ]
}

HTTP status code 403

Your user account is not authorized to access this resource. Contact the administrator to request more privileges.

Body

Media type: application/json

Type: object

Example:

{
  "errors": [
    {
      "code": "auth.forbidden",
      "message": "You are not authorized to access this resource. Authenticate with a user account that has more privileges."
    }
  ]
}

HTTP status code 422

The request body contains invalid data.

Body

Media type: application/json

Type: object

Example:

HTTP/1.1 422 Unprocessable Entity
Content-Type: application/json

{
  "errors": [
    {
      "message": "is required",
      "type": "json",
      "location": "/name",
      "validator": "required",
      "valueSet": false
    },
    {
      "message": "must be a number between -90 and 90",
      "type": "json",
      "location": "/geometry/coordinates/1",
      "validator": "latitude",
      "value": 666,
      "valueSet": true
    }
  ]
}

get patch delete

get

Retrieve a single location.

patch

Update a location.

This is a partial update: you may omit required properties. Only properties sent in the request body will be updated. Optional properties can be removed by setting them to null.

The geometry property must be sent in its entirety to be updated, i.e. it must be a full, valid GeoJSON point (for example, it's not possible to only send its coordinates property).

delete

Delete a location.

Retrieve a single location.

URI Parameters

  • id: required (string)

    The unique ID of the location.

Query Parameters

  • only: (array of string)

    Whitelist of properties to include in the response. (Properties also blacklisted with except will not be included.)

    You may use dotted notation in complex objects, e.g. sub.property.

    Example:

    ?only=id&only=name&only=geometry
  • except: (array of string)

    Blacklist of properties not to include in the response.

    You may use dotted notation in complex objects, e.g. sub.property.

    Example:

    ?except=address&except=siteUrl

HTTP status code 200

The location was successfully created.

Body

Media type: application/json

Type: object

Properties
  • name: required (string - minLength: 1 - maxLength: 150)

    The location's name.

  • shortName: (string - minLength: 1 - maxLength: 30)

    A shorter name for the location, if available.

  • description: required (string - minLength: 1 - maxLength: 2000)

    A detailed description of the location.

  • phone: required (string - minLength: 1 - maxLength: 20)

    The location's phone number.

  • photoUrl: required (string - maxLength: 500)

    A URL of a picture of the location.

  • siteUrl: required (string - maxLength: 500)

    A URL of the location's website or a related web page.

  • geometry: required (object)

    The location's geographical coordinates (a GeoJSON point).

    • type: required (string)

      The type of GeoJSON object.

    • coordinates: required (array of number)

      The coordinates (longitude & latitude).

  • address: required (object)
    • street: required (string - minLength: 1 - maxLength: 150)

      The street name of the location's address.

    • number: (string - minLength: 1 - maxLength: 15)

      The street number of the location's address.

    • zipCode: required (string - minLength: 1 - maxLength: 15)

      The zip code of the location's address.

    • city: required (string - minLength: 1 - maxLength: 100)

      The city of the location's address.

    • state: required (string - minLength: 1 - maxLength: 30)

      The state of the location's address.

  • properties
  • id: (string)

    A unique ID identifying the location.

  • createdAt: (datetime)

    The time at which the location was created.

  • updatedAt: (datetime)

    The time at which the location was last updated.

Example:

HTTP/1.1 200 OK
Content-Type: application/json

{
  "id": "c821bc0f-85b4-44d5-9bbe-a30cf197c30a",
  "name": "Somewhere over the rainbow",
  "shortName": "Somewhere",
  "description": "Somewhere over the rainbow blue birds fly and the dreams that you dreamed of really do come true.",
  "phone": "5550001",
  "photoUrl": "http://example.com/image.jpg",
  "siteUrl": "http://example.com",
  "geometry": {
    "type": "Point",
    "coordinates": [ -73.957820, 40.772317 ]
  },
  "address": {
    "street": "Riverside Drive",
    "number": 210,
    "city": "New York",
    "state": "New York",
    "zipCode": "10021"
  },
  "createdAt": "2000-01-01T16:30:00.123Z",
  "updatedAt": "2000-02-03T17:00:00.123Z"
}

HTTP status code 404

The requested location does not exist (or you are not authorized to access it).

Body

Media type: application/json

Type: object

Example:

HTTP/1.1 404 Not Found
Content-Type: application/json

{
  "errors": [
    {
      "code": "record.notFound",
      "message": "No location was found with ID 7c4424de-66a0-4044-b872-c5fc77c4365."
    }
  ]
}

Update a location.

This is a partial update: you may omit required properties. Only properties sent in the request body will be updated. Optional properties can be removed by setting them to null.

The geometry property must be sent in its entirety to be updated, i.e. it must be a full, valid GeoJSON point (for example, it's not possible to only send its coordinates property).

URI Parameters

  • id: required (string)

    The unique ID of the location.

Headers

  • Authorization: required (string)

    You must authenticate by sending a JWT bearer token in this header. You may obtain a token by calling POST /api/auth.

    Required roles: admin

    Example:

    Authorization: Bearer eyJhbGciOiJIUzI1NiI.eyJzdWIiOiJmZDczYjM5OC04Zj.7s76ONko1DF

Query Parameters

  • only: (array of string)

    Whitelist of properties to include in the response. (Properties also blacklisted with except will not be included.)

    You may use dotted notation in complex objects, e.g. sub.property.

    Example:

    ?only=id&only=name&only=geometry
  • except: (array of string)

    Blacklist of properties not to include in the response.

    You may use dotted notation in complex objects, e.g. sub.property.

    Example:

    ?except=address&except=siteUrl

Body

Media type: application/json

Type: object

Properties
  • name: required (string - minLength: 1 - maxLength: 150)

    The location's name.

  • shortName: (string - minLength: 1 - maxLength: 30)

    A shorter name for the location, if available.

  • description: required (string - minLength: 1 - maxLength: 2000)

    A detailed description of the location.

  • phone: required (string - minLength: 1 - maxLength: 20)

    The location's phone number.

  • photoUrl: required (string - maxLength: 500)

    A URL of a picture of the location.

  • siteUrl: required (string - maxLength: 500)

    A URL of the location's website or a related web page.

  • geometry: required (object)

    The location's geographical coordinates (a GeoJSON point).

    • type: required (string)

      The type of GeoJSON object.

    • coordinates: required (array of number)

      The coordinates (longitude & latitude).

  • address: required (object)
    • street: required (string - minLength: 1 - maxLength: 150)

      The street name of the location's address.

    • number: (string - minLength: 1 - maxLength: 15)

      The street number of the location's address.

    • zipCode: required (string - minLength: 1 - maxLength: 15)

      The zip code of the location's address.

    • city: required (string - minLength: 1 - maxLength: 100)

      The city of the location's address.

    • state: required (string - minLength: 1 - maxLength: 30)

      The state of the location's address.

  • properties

Example:

PATCH /api/locations/c821bc0f-85b4-44d5-9bbe-a30cf197c30a HTTP/1.1
Content-Type: application/json

{
  "name": "Somewhere over the rainbow",
  "shortName": null,
  "phone": "5550001",
  "siteUrl": "http://example.com",
  "geometry": {
    "type": "Point",
    "coordinates": [ -73.957820, 40.772317 ]
  },
  "address": {
    "street": "Riverside Drive",
    "city": "New York"
  }
}

HTTP status code 200

The location was successfully updated.

Body

Media type: application/json

Type: object

Properties
  • name: required (string - minLength: 1 - maxLength: 150)

    The location's name.

  • shortName: (string - minLength: 1 - maxLength: 30)

    A shorter name for the location, if available.

  • description: required (string - minLength: 1 - maxLength: 2000)

    A detailed description of the location.

  • phone: required (string - minLength: 1 - maxLength: 20)

    The location's phone number.

  • photoUrl: required (string - maxLength: 500)

    A URL of a picture of the location.

  • siteUrl: required (string - maxLength: 500)

    A URL of the location's website or a related web page.

  • geometry: required (object)

    The location's geographical coordinates (a GeoJSON point).

    • type: required (string)

      The type of GeoJSON object.

    • coordinates: required (array of number)

      The coordinates (longitude & latitude).

  • address: required (object)
    • street: required (string - minLength: 1 - maxLength: 150)

      The street name of the location's address.

    • number: (string - minLength: 1 - maxLength: 15)

      The street number of the location's address.

    • zipCode: required (string - minLength: 1 - maxLength: 15)

      The zip code of the location's address.

    • city: required (string - minLength: 1 - maxLength: 100)

      The city of the location's address.

    • state: required (string - minLength: 1 - maxLength: 30)

      The state of the location's address.

  • properties
  • id: (string)

    A unique ID identifying the location.

  • createdAt: (datetime)

    The time at which the location was created.

  • updatedAt: (datetime)

    The time at which the location was last updated.

Example:

HTTP/1.1 200 OK
Content-Type: application/json

{
  "id": "c821bc0f-85b4-44d5-9bbe-a30cf197c30a",
  "name": "Somewhere over the rainbow",
  "description": "Somewhere over the rainbow blue birds fly and the dreams that you dreamed of really do come true.",
  "phone": "5550001",
  "photoUrl": "http://example.com/image.jpg",
  "siteUrl": "http://example.com",
  "geometry": {
    "type": "Point",
    "coordinates": [ -73.957820, 40.772317 ]
  },
  "address": {
    "street": "Riverside Drive",
    "number": 210,
    "city": "New York",
    "state": "New York",
    "zipCode": "10021"
  },
  "createdAt": "2000-01-01T16:30:00.123Z",
  "updatedAt": "2000-02-03T17:00:00.123Z"
}

HTTP status code 400

The request body is not valid JSON.

Body

Media type: text/html

Type: object

Example:

HTTP/1.1 400 Bad Request
Content-Type: text/html

Error: Unexpected token } in JSON at position 0

HTTP status code 401

Authentication is required to access this resource. Either you have not authenticated or your credentials are invalid.

Body

Media type: application/json

Type: object

Examples:

Missing authentication:
You have not sent an Authorization header in the request.

{
  "errors": [
    {
      "code": "auth.missingAuthorization",
      "message": "Authentication is required to access this resource. Authenticate by providing a Bearer token in the Authorization header."
    }
  ]
}

Malformed authentication:
The Authorization header of our request is not in the correct format. The required format is `Bearer TOKEN` where `TOKEN` is a valid JWT that you obtained by calling `POST /api/auth`.

{
  "errors": [
    {
      "code": "auth.malformedAuthorization",
      "message": "The Authorization header is not in the correct format. It should be \"Authorization: Bearer TOKEN\"."
    }
  ]
}

Invalid authentication:
The JWT bearer token you have sent in the Authorization header is invalid or has expired.

{
  "errors": [
    {
      "code": "auth.invalidAuthorization",
      "message": "The Bearer token supplied in the Authorization header is invalid or has expired."
    }
  ]
}

HTTP status code 403

Your user account is not authorized to access this resource. Contact the administrator to request more privileges.

Body

Media type: application/json

Type: object

Example:

{
  "errors": [
    {
      "code": "auth.forbidden",
      "message": "You are not authorized to access this resource. Authenticate with a user account that has more privileges."
    }
  ]
}

HTTP status code 404

The requested location does not exist (or you are not authorized to access it).

Body

Media type: application/json

Type: object

Example:

HTTP/1.1 404 Not Found
Content-Type: application/json

{
  "errors": [
    {
      "code": "record.notFound",
      "message": "No location was found with ID 7c4424de-66a0-4044-b872-c5fc77c4365."
    }
  ]
}

HTTP status code 422

The request body contains invalid data.

Body

Media type: application/json

Type: object

Example:

HTTP/1.1 422 Unprocessable Entity
Content-Type: application/json

{
  "errors": [
    {
      "message": "must be of type string",
      "type": "json",
      "location": "/phone",
      "types": [ "string" ],
      "validator": "type",
      "value": 5550000,
      "valueSet": true
    },
    {
      "message": "must be a number between -90 and 90",
      "type": "json",
      "location": "/geometry/coordinates/1",
      "validator": "latitude",
      "value": 666,
      "valueSet": true
    }
  ]
}

Delete a location.

URI Parameters

  • id: required (string)

    The unique ID of the location.

Headers

  • Authorization: required (string)

    You must authenticate by sending a JWT bearer token in this header. You may obtain a token by calling POST /api/auth.

    Required roles: admin

    Example:

    Authorization: Bearer eyJhbGciOiJIUzI1NiI.eyJzdWIiOiJmZDczYjM5OC04Zj.7s76ONko1DF

HTTP status code 204

The location was successfully deleted.

HTTP status code 401

Authentication is required to access this resource. Either you have not authenticated or your credentials are invalid.

Body

Media type: application/json

Type: object

Examples:

Missing authentication:
You have not sent an Authorization header in the request.

{
  "errors": [
    {
      "code": "auth.missingAuthorization",
      "message": "Authentication is required to access this resource. Authenticate by providing a Bearer token in the Authorization header."
    }
  ]
}

Malformed authentication:
The Authorization header of our request is not in the correct format. The required format is `Bearer TOKEN` where `TOKEN` is a valid JWT that you obtained by calling `POST /api/auth`.

{
  "errors": [
    {
      "code": "auth.malformedAuthorization",
      "message": "The Authorization header is not in the correct format. It should be \"Authorization: Bearer TOKEN\"."
    }
  ]
}

Invalid authentication:
The JWT bearer token you have sent in the Authorization header is invalid or has expired.

{
  "errors": [
    {
      "code": "auth.invalidAuthorization",
      "message": "The Bearer token supplied in the Authorization header is invalid or has expired."
    }
  ]
}

HTTP status code 403

Your user account is not authorized to access this resource. Contact the administrator to request more privileges.

Body

Media type: application/json

Type: object

Example:

{
  "errors": [
    {
      "code": "auth.forbidden",
      "message": "You are not authorized to access this resource. Authenticate with a user account that has more privileges."
    }
  ]
}

HTTP status code 404

The requested location does not exist (or you are not authorized to access it).

Body

Media type: application/json

Type: object

Example:

HTTP/1.1 404 Not Found
Content-Type: application/json

{
  "errors": [
    {
      "code": "record.notFound",
      "message": "No location was found with ID 7c4424de-66a0-4044-b872-c5fc77c4365."
    }
  ]
}

Account

Management of your user account.

get

get

Retrieve your own user account.

Users

Management of BioPocket user accounts.

get

get

Retrieve a user account.

Retrieve a user account.

URI Parameters

  • id: required (string)

    The unique ID of the user account.

Headers

  • Authorization: required (string)

    You must authenticate by sending a JWT bearer token in this header. You may obtain a token by calling POST /api/auth.

    Required roles: admin (or you must be the owner of the user account)

    Example:

    Authorization: Bearer eyJhbGciOiJIUzI1NiI.eyJzdWIiOiJmZDczYjM5OC04Zj.7s76ONko1DF

Query Parameters

  • only: (array of string)

    Whitelist of properties to include in the response. (Properties also blacklisted with except will not be included.)

    You may use dotted notation in complex objects, e.g. sub.property.

    Example:

    ?only=id&only=email
  • except: (array of string)

    Blacklist of properties not to include in the response.

    You may use dotted notation in complex objects, e.g. sub.property.

    Example:

    ?except=roles&except=updatedAt

HTTP status code 200

The user account was successfully retrieved.

Body

Media type: application/json

Type: object

Properties
  • active: (boolean)

    If false, the user account cannot authenticate and is not authorized to perform any action. New user accounts start active, but can be deactivated by an administrator.

  • createdAt: (datetime)

    The time at which the user account was created.

  • email: (string)

    The e-mail address associated to the user account.

  • id: (string)

    The unique ID identifying the user account.

  • roles: (array of string)

    The roles the user is authorized to perform.

  • updatedAt: (datetime)

    The time at which the user account was last updated.

Example:

HTTP/1.1 200 OK
Content-Type: application/json

{
  "active": true,
  "createdAt": "2000-01-01T16:30:00.123Z",
  "email": "jdoe@example.com",
  "id": "10d38b2c-b7ed-41de-986c-bff87031291e",
  "roles": [
    "admin"
  ],
  "updatedAt": "2000-02-03T17:00:00.123Z"
}

HTTP status code 401

Authentication is required to access this resource. Either you have not authenticated or your credentials are invalid.

Body

Media type: application/json

Type: object

Examples:

Missing authentication:
You have not sent an Authorization header in the request.

{
  "errors": [
    {
      "code": "auth.missingAuthorization",
      "message": "Authentication is required to access this resource. Authenticate by providing a Bearer token in the Authorization header."
    }
  ]
}

Malformed authentication:
The Authorization header of our request is not in the correct format. The required format is `Bearer TOKEN` where `TOKEN` is a valid JWT that you obtained by calling `POST /api/auth`.

{
  "errors": [
    {
      "code": "auth.malformedAuthorization",
      "message": "The Authorization header is not in the correct format. It should be \"Authorization: Bearer TOKEN\"."
    }
  ]
}

Invalid authentication:
The JWT bearer token you have sent in the Authorization header is invalid or has expired.

{
  "errors": [
    {
      "code": "auth.invalidAuthorization",
      "message": "The Bearer token supplied in the Authorization header is invalid or has expired."
    }
  ]
}

HTTP status code 403

Your user account is not authorized to access this resource. Contact the administrator to request more privileges.

Body

Media type: application/json

Type: object

Example:

{
  "errors": [
    {
      "code": "auth.forbidden",
      "message": "You are not authorized to access this resource. Authenticate with a user account that has more privileges."
    }
  ]
}

HTTP status code 404

The requested user does not exist (or you are not authorized to access it).

Body

Media type: application/json

Type: object

Example:

HTTP/1.1 404 Not Found
Content-Type: application/json

{
  "errors": [
    {
      "code": "record.notFound",
      "message": "No user was found with ID 7c4424de-66a0-4044-b872-c5fc77c4365."
    }
  ]
}