Get Current User

curl --request GET \
  --url https://api.example.com/api/auth/me

{
  "success": true,
  "data": {
    "id": "<string>",
    "email": "<string>",
    "display_name": {},
    "role": "<string>",
    "created_at": "<string>",
    "updated_at": "<string>",
    "github_username": {},
    "gitlab_username": {}
  }
}

GET

api

auth

Get Current User

curl --request GET \
  --url https://api.example.com/api/auth/me

{
  "success": true,
  "data": {
    "id": "<string>",
    "email": "<string>",
    "display_name": {},
    "role": "<string>",
    "created_at": "<string>",
    "updated_at": "<string>",
    "github_username": {},
    "gitlab_username": {}
  }
}

Endpoint

Returns the user profile and account information for the currently authenticated session.

Authentication

Requires a valid session token via:

Authorization: Bearer <token> header, or
heimdall_session cookie

Request

No request body or query parameters required.

Example

curl https://heimdall.example.com/api/auth/me \
  -H "Authorization: Bearer <your_session_token>"

Response

Success Response

success

boolean

Always true for successful requests

data

object

User object

Show properties

string

User ID (UUID v7)

string

User email address

display_name

string | null

Display name (null if not set)

role

string

User role (typically “user”)

created_at

string

Account creation timestamp (ISO 8601)

updated_at

string

Last update timestamp (ISO 8601)

github_username

string | null

Linked GitHub username (if connected)

gitlab_username

string | null

Linked GitLab username (if connected)

{
  "success": true,
  "data": {
    "id": "01932e4a-7b2c-7890-abcd-1234567890ab",
    "email": "alice@example.com",
    "display_name": "Alice",
    "role": "user",
    "created_at": "2026-03-10T10:30:00Z",
    "updated_at": "2026-03-12T15:45:00Z",
    "github_username": "alice",
    "gitlab_username": null
  }
}

Error Responses

401 Unauthorized - No token

{
  "success": false,
  "error": {
    "code": 401,
    "message": "Authentication required"
  }
}

401 Unauthorized - Invalid token

{
  "success": false,
  "error": {
    "code": 401,
    "message": "Invalid or expired session"
  }
}

500 Internal Server Error

{
  "success": false,
  "error": {
    "code": 500,
    "message": "Internal server error"
  }
}

Use Cases

Profile display — Show user information in navigation bar or settings
Permission checks — Verify user role before showing admin features
Session validation — Check if the current session is still valid
Account linking status — Determine which OAuth providers are connected

Login - Authenticate and create a session
Logout - End the current session
Update Profile - Modify user display name

Logout

OAuth Authentication

⌘I

Authentication

Repositories

Scans

Findings

Settings

Webhooks

Get Current User

Endpoint

Authentication

Request

Example

Response

Success Response

Error Responses

Use Cases

Authentication

Repositories

Scans

Findings

Settings

Webhooks

Documentation Index

​Endpoint

​Authentication

​Request

​Example

​Response

​Success Response

​Error Responses

​Use Cases

​Related Endpoints

Endpoint

Authentication

Request

Example

Response

Success Response

Error Responses

Use Cases

Related Endpoints