Skip to main content

Overview

The Users API provides endpoints for managing user profiles and notifications. Users are automatically created when they first authenticate with a valid Firebase token.

Get Authenticated User

curl -X GET "https://your-domain.com/api/auth/me" \
  -H "Authorization: Bearer YOUR_TOKEN"
GET /api/auth/me Get the authenticated user directly from the Firebase token without a database query. This is faster than /api/users/me but returns less information.

Response

_id
string
User ID
firebaseUid
string
Firebase authentication UID
email
string
User’s email address
displayName
string
User’s display name
role
string
User role (default: “user”, can be “admin”)
{
  "_id": "507f1f77bcf86cd799439011",
  "firebaseUid": "abc123xyz",
  "email": "[email protected]",
  "displayName": "John Doe",
  "role": "user"
}

Get Current User Profile

curl -X GET "https://your-domain.com/api/users/me" \
  -H "Authorization: Bearer YOUR_TOKEN"
GET /api/users/me Get the authenticated user’s profile. Requires authentication.

Response

user
object
User profile object

Update User Profile

curl -X PUT "https://your-domain.com/api/users/me" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "displayName": "John Doe",
    "bio": "Computer Science student passionate about algorithms",
    "preferences": {
      "theme": "dark",
      "emailDigest": true
    }
  }'
PUT /api/users/me Update the authenticated user’s profile. Requires authentication.

Request Body

All fields are optional. Only include fields to update.
displayName
string
User’s display name
photoURL
string
Profile photo URL
bio
string
User biography
preferences
object
User preferences (structure is flexible)

Response

message
string
“Profile updated successfully”
user
object
Updated user object

Get Notifications

curl -X GET "https://your-domain.com/api/users/me/notifications" \
  -H "Authorization: Bearer YOUR_TOKEN"
GET /api/users/me/notifications Get user’s in-app notifications, sorted by most recent first. Requires authentication.

Response

notifications
array
Array of notification objects, sorted by createdAt descending

Manage Notifications

curl -X PUT "https://your-domain.com/api/users/me/notifications" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "action": "markAllRead"
  }'
PUT /api/users/me/notifications Mark notifications as read or delete them. Requires authentication.

Request Body

action
string
required
Action to perform:
  • markAllRead - Mark all notifications as read
  • markRead - Mark specific notifications as read (requires notificationIds)
  • delete - Delete specific notifications (requires notificationIds)
notificationIds
array
Array of notification IDs (required for markRead and delete actions)

Response

message
string
Success message:
  • “All notifications marked as read”
  • “Notifications marked as read”
  • “Notifications deleted”

User Auto-Creation

Users are automatically created on first authentication:
  1. User authenticates with Firebase
  2. API verifies Firebase token
  3. If user doesn’t exist in database:
    • Creates user with Firebase UID, email, display name, photo
    • Sets default role to “user”
    • Initializes default notification settings
  4. Returns user object
This means you don’t need a separate “sign up” endpoint - just authenticate with Firebase.

Error Responses

400 Bad Request

{
  "error": "No valid fields to update"
}

{
  "error": "Invalid action. Must be markRead, markAllRead, or delete"
}

401 Unauthorized

{
  "error": "No token provided"
}

404 Not Found

{
  "error": "User not found"
}

Build docs developers (and LLMs) love

Get started for freeTalk to us