Skip to main content

Users API

Manage user account, profile, and security settings.

Endpoints Overview

MethodEndpointDescription
GET/api/users/meGet current user profile
PATCH/api/users/meUpdate user profile
POST/api/users/me/change-passwordChange password
PATCH/api/users/me/email-preferencesUpdate email preferences
POST/api/users/me/avatarUpload avatar
DELETE/api/users/me/avatarRemove avatar
DELETE/api/users/meDelete account
GET/api/users/me/exportExport user data (GDPR)
GET/api/users/me/2fa/statusGet 2FA status
POST/api/users/me/2fa/enableEnable 2FA
POST/api/users/me/2fa/verifyVerify 2FA code
POST/api/users/me/2fa/disableDisable 2FA
POST/api/users/me/2fa/backup-codesRegenerate backup codes
note

All endpoints require JWT authentication. API keys cannot be used for user management endpoints.

Get Current User

GET /api/users/me

Get the profile of the currently authenticated user.

Response

{
  "id": "user_abc123",
  "email": "[email protected]",
  "name": "John Doe",
  "profilePictureUrl": "https://storage.renderdoc.dev/avatars/...",
  "emailVerified": true,
  "twoFactorEnabled": false,
  "createdAt": "2024-06-01T00:00:00Z",
  "updatedAt": "2025-01-15T10:30:00Z"
}

Example

curl https://api.renderdoc.dev/api/users/me \
  -H "Authorization: Bearer <jwt_token>"

Update Profile

PATCH /api/users/me

Update user profile information.

Request Body

FieldTypeRequiredDescription
namestringNoDisplay name
emailstringNoEmail address (requires verification)
timezonestringNoIANA timezone

Request Example

{
  "name": "John D. Smith",
  "timezone": "Europe/London"
}

Response

Returns the updated user object. If email is changed, a verification email is sent.

Example

curl -X PATCH https://api.renderdoc.dev/api/users/me \
  -H "Authorization: Bearer <jwt_token>" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "John D. Smith"
  }'

Change Password

POST /api/users/me/change-password

Change the user's password.

Request Body

FieldTypeRequiredDescription
currentPasswordstringYesCurrent password
newPasswordstringYesNew password (min 8 characters)

Request Example

{
  "currentPassword": "current_password_here",
  "newPassword": "new_secure_password"
}

Response

{
  "message": "Password changed successfully"
}

Example

curl -X POST https://api.renderdoc.dev/api/users/me/change-password \
  -H "Authorization: Bearer <jwt_token>" \
  -H "Content-Type: application/json" \
  -d '{
    "currentPassword": "current_password",
    "newPassword": "new_secure_password"
  }'

Update Email Preferences

PATCH /api/users/me/email-preferences

Update user email notification preferences.

Request Body

FieldTypeRequiredDescription
marketingEmailsbooleanNoReceive marketing emails
productUpdatesbooleanNoReceive product update emails
weeklyDigestbooleanNoReceive weekly digest

Response

{
  "message": "Email preferences updated successfully",
  "preferences": {
    "marketingEmails": false,
    "productUpdates": true,
    "weeklyDigest": true
  }
}

Upload Avatar

POST /api/users/me/avatar

Upload a new avatar image.

Request Body

FieldTypeRequiredDescription
imageDatastringYesBase64 encoded image (JPEG, PNG, or WebP)

Response

{
  "message": "Avatar uploaded successfully",
  "avatarUrl": "https://storage.renderdoc.dev/avatars/user-123.jpg"
}

Remove Avatar

DELETE /api/users/me/avatar

Remove the current user avatar.

Response

{
  "message": "Avatar removed successfully"
}

Delete Account

DELETE /api/users/me

Permanently delete the user account.

Request Body

FieldTypeRequiredDescription
passwordstringYesCurrent password for verification
reasonstringNoReason for deletion
reasonTextstringNoAdditional feedback

Response

{
  "message": "Account deleted successfully"
}
warning

This action is irreversible. All user data will be permanently deleted after a 30-day grace period.

Export User Data

GET /api/users/me/export

Export all user data in JSON format (GDPR compliance - Right of Access).

Response

{
  "personal": {
    "id": "user_abc123",
    "email": "[email protected]",
    "name": "John Doe",
    "createdAt": "2024-06-01T00:00:00Z"
  },
  "exportedAt": "2025-01-15T10:30:00Z",
  "format": "JSON"
}

Two-Factor Authentication (2FA)

Get 2FA Status

GET /api/users/me/2fa/status

Get the current 2FA status.

Response

{
  "enabled": false,
  "backupCodesRemaining": 8
}

Enable 2FA

POST /api/users/me/2fa/enable

Generate a TOTP secret and QR code to enable 2FA. After calling this endpoint, the user must scan the QR code with their authenticator app and call the verify endpoint.

Response

{
  "qrCode": "data:image/png;base64,...",
  "secret": "JBSWY3DPEHPK3PXP",
  "backupCodes": ["A1B2C3D4", "E5F6G7H8", "..."]
}

Verify 2FA Code

POST /api/users/me/2fa/verify

Verify the TOTP code from the authenticator app to complete 2FA setup.

Request Body

FieldTypeRequiredDescription
codestringYes6-digit TOTP code from authenticator app

Response

{
  "success": true
}

Disable 2FA

POST /api/users/me/2fa/disable

Disable two-factor authentication.

Request Body

FieldTypeRequiredDescription
passwordstringYesCurrent password for verification

Response

{
  "success": true
}

Regenerate Backup Codes

POST /api/users/me/2fa/backup-codes

Generate new backup codes. This invalidates all previous backup codes.

Request Body

FieldTypeRequiredDescription
passwordstringYesCurrent password for verification

Response

{
  "backupCodes": ["A1B2C3D4", "E5F6G7H8", "..."]
}

Error Codes

CodeDescription
ERR_USER_001User not found
ERR_USER_002A user with this email already exists
ERR_USER_003Invalid email format
ERR_USER_004Account pending deletion (can be restored)
ERR_USER_005Account deletion in progress
ERR_USER_006Failed to restore account
ERR_USER_007Account is not deleted and cannot be restored
ERR_AUTH_002Invalid current password
ERR_AUTH_006Email not verified
ERR_AUTH_012Invalid 2FA code

Related: Teams API | Authentication