Auth
POST /auth/register
Public. Create an account. Returns a JWT and the user profile.
Body
{
"email": string (valid email, max 255),
"username": string (3-64, [a-zA-Z0-9_]),
"password": string (8-128)
}
201 Created
{
"token": "<JWT>",
"user": { id, email, username, tier, isAdmin, ... }
}
Errors
400 VALIDATION_ERROR
409 EMAIL_EXISTS
409 USERNAME_EXISTSPOST /auth/login
Public. Verify credentials and return a JWT and the user profile.
Body
{
"email": string,
"password": string
}
200 OK
{
"token": "<JWT>",
"user": { id, email, username, tier, isAdmin, ... }
}
Errors
400 VALIDATION_ERROR
401 INVALID_CREDENTIALSGET /auth/me
Authenticated. Return the current user's profile.
200 OK
{ "user": { id, email, username, tier, isAdmin, ... } }
Errors
401 UNAUTHORIZEDPATCH /auth/me
Authenticated. Update username and/or email. Both fields are optional.
Body
{
"username"?: string,
"email"?: string
}
200 OK
{ "user": { ... } }
Errors
400 VALIDATION_ERROR
409 EMAIL_EXISTS
409 USERNAME_EXISTSPOST /auth/change-password
Authenticated. Change your password.
Body
{
"currentPassword": string,
"newPassword": string (8-128)
}
200 OK
{ "success": true }
Errors
400 VALIDATION_ERROR
401 INVALID_CREDENTIALS
404 USER_NOT_FOUNDGET /auth/admin-activity
Authenticated. Return up to 100 admin-audit entries that target your account, newest first.
200 OK
{
"entries": [
{
"id": string,
"action": string, // e.g. "view_map", "update_tier"
"resourceId": string | null,
"note": string | null,
"metadata": object | null,
"createdAt": string // ISO timestamp
},
...
]
}